IT 4510

Firewallz

Dr Joe Francom

Activity 1

Tunneling

• "The attacker will need to have some way to exfiltrate data and to do so in a way that is not detected."
• Review ssh tunneling

Activity 2

Ip conversion

• We know we can put the ip address of a website as url. Perhaps one way to get around a firewall would be to convert it to binary and back.
• i.e. 144.38.192.200
• Convert to binary
• Convert binary back to long number

Activity 3

Honeypots

• Interesting
• More
• Play with cowrie
  • sudo apt install docker.io
  • sudo adduser cituser docker (logout and back in)
  • docker run -d -p 2223:2222/tcp cowrie/cowrie
• Could do our password attack against it... Try a few

Activity 4

Honeypots

The users root/richard will let you in with any password

What can you do when logged in.

How to see the logs?

• docker logs <contaienr name>