Index

1. Ether TAP and Ether TUN

• these notes came from the NSTX Debian GNU/Linux and the ULM (user mode linux configuration)
• is a package which provides pseudo devices which allow a user program to read/write Ethernet packets
• more than this it allows the sysadmin to configure an ethertap device to deliver all Ethernet packets destined for an IP address to a device, ie ( /dev/tap0 )
  • which in turns means a user level program can read all these packets
  • and it allows a user program to write these packets to the /dev/tun0
• the user level program can therefore manipulate these Ethernet packets and provide:
  • encryption of all Ethernet packets
  • tunnelling Ethernet packets over another protocol (say DNS)

2. Configuring TUN and TAP under GNU/Linux

• create the device with tunctl (available from the UML (user mode linux) utilities

• tunctl -u uid

• uid is the user id or username that UML will be run as
  • it will tell you what device was created (assume tap0 )
• now configure the device /dev/tap0 to have the IP address 192.168.0.1

• ifconfig tap0 192.168.0.1 up

• now enable IP forewarding

• bash -c ’echo 1 > /proc/sys/net/ipv4/ip_forward’

• now tell the operating system that 192.168.0.2 is reachable via /dev/tap0

• route add -host 192.168.0.2 dev tap0

• enable the APR protocol across this tunnel

• bash -c ’echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp’
  arp -Ds 192.168.0.2 eth0 pub
  chmod 666 /dev/net/tun

• now you should be able to ping 192.168.0.2
  • you will have to have configured the server 192.168.0.2 in the same way
    

3. NSTX

• is a package which, under GNU/Linux, provides IP tunnelling over DNS
• to configure this package requires that you have also installed the TUN/TAP package
  • and have configured the ethertap on one machine to 192.168.0.1 and the ethertap on the other machine to 192.168.0.2
• now a net route must be created through the ethertap on both sides
  • see configuring TUN and TAP
• now the server is started by:

• ./nstxd your.domain.name.net

• and the client on your wireless laptop

• ./nstxcd your.domain.name.net 111.222.333.444

• where 111.222.333.444 is the default DNS server which is expected to be used in the network connecting to your wireless laptop
• it should be possible to ping 192.168.0.2 from 192.168.0.1 and the other way round
  

4. Practice exam question

• Network attacks occur at many different protocol layers. Choose 3 network protocol example attacks (two at the transport layer and one from the IP layer) and clearly show with the aid of a diagram how these attacks can be mounted.
• Critically analyse appropriate countermeasures for such attacks.

5. Book sources

• For the discussion on DNS
  • TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994, ISBN 0-201-63346-9.
• For security on various protocols see
  • 802.11 Security By Bruce Potter, Bob Fleck 1st Edition December 2002 ISBN: 0-596-00290-4 192 pages
  • 802.11 Security
• IP over DNS
• Secure shell
• Python resource

Index

This document was produced using groff-1.20.