Information

Author(s) Noah Van Horenbeke
Deadline No deadline
Submission limit No limitation

L01 - Network attacks

🎯 Learning Objectives

This lab will allow you to:

  • Understand: the mechanics of three classic network attacks: SYN Flood, TCP Port Scan, and DNS Reflection/Amplification.
  • Implement: each attack using Python and Scapy on a virtualized network topology.
  • Capture: network traffic and provide evidence that each attack was successfully carried out.

Your goal is to implement these three attacks from the attacker machine, while capturing the resulting traffic on the target machine.

Lab Presentation

This lab takes place in a small virtualized network composed of four machines:

  • attacker — the machine from which you will launch the attacks.
  • target — the victim machine receiving the attacks.
  • dns — a simple DNS server used in the reflection attack.
  • monitor — a passive observer connected to the network, used to capture traffic.

Figure: Lab network topology

📥 Download the Base Lab

Download the lab archive

To begin the exercise, download the archive below. It contains the full network topology and a code template to help you implement the attacks.

Launching the Lab (Kathará)

This lab uses Kathará, a container-based network emulator. You do not need to know how it works internally. Here are the only commands you need:

# Start all containers — run this at the root of the extracted archive
kathara lstart

# Open a terminal on a specific machine (attacker, target, dns, monitor)
kathara connect <machine>

# Stop and destroy all containers when you are done
kathara wipe

For more details, refer to the official Kathará documentation.

📁 Shared Folder & Attack Template

A shared/ folder is automatically mounted on all containers. It contains attacks.py, a Python template to help you implement the three attacks using Scapy.

Any modification to files in /shared is immediately reflected inside the containers, and any file written inside a container under /shared is immediately accessible from your host machine.

You don't need to restart the lab when you modify shared/attacks.py.

Step-by-Step Workflow

Step 1 — Answer the preliminary questions. Before the main task, answer a set of questions about the topology and the attacks. You must pass them all to unlock the submission form.

Step 2 — Implement & run the attacks. [1] Complete the three functions in shared/attacks.py, then on two separate terminals:

# On the target: start capturing traffic BEFORE launching the attacks
kathara connect target
tcpdump -i eth0 -w /shared/capture.pcap

# On the attacker: run your completed attack script
kathara connect attacker
python3 /shared/attacks.py

# Once all attacks are done, stop the capture

Step 3 — Submit capture.pcap using the next task. The grader will automatically verify that all three attacks are present and generate a detailed report.

[1] The port scan should complete in under 5 minutes. Avoid scanning all 65535 ports.
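
From the defender's side, the three traffic patterns that the capture must contain can be told apart with simple counting heuristics. The sketch below is an added example, not the lab's grader or the attacks.py template; the record format, the thresholds and the 192.0.2.x addresses are assumptions, and the packet records are constructed rather than read from capture.pcap.

```python
from collections import Counter, defaultdict

# Thresholds are assumptions for this example; tune them to your own traffic.
FLOOD_MIN_SYNS = 100    # bare SYNs aimed at a single dst:port
SCAN_MIN_PORTS = 20     # distinct ports one source sent a SYN to
REFLECT_MIN_RESP = 10   # DNS responses the receiver never asked for

def classify(packets):
    """Return the patterns found in packet records captured on the victim.

    Each record is a dict: src, dst, proto, sport, dport, flags (TCP), qr (DNS).
    """
    syns = Counter()            # (dst, dport) -> bare SYN count
    probed = defaultdict(set)   # (src, dst) -> ports that received a SYN
    pending = Counter()         # (client, server, client port) -> open queries
    unsolicited = Counter()     # (server, receiver) -> responses without a query
    for p in packets:
        if p["proto"] == "tcp" and p["flags"] == "S":
            syns[(p["dst"], p["dport"])] += 1
            probed[(p["src"], p["dst"])].add(p["dport"])
        elif p["proto"] == "udp" and p["dport"] == 53 and not p["qr"]:
            pending[(p["src"], p["dst"], p["sport"])] += 1
        elif p["proto"] == "udp" and p["sport"] == 53 and p["qr"]:
            # Simplification: match on the client port, not the DNS transaction ID.
            key = (p["dst"], p["src"], p["dport"])
            if pending[key] > 0:
                pending[key] -= 1
            else:  # the receiver never sent a query that this answers
                unsolicited[(p["src"], p["dst"])] += 1
    found = set()
    if any(n >= FLOOD_MIN_SYNS for n in syns.values()):
        found.add("syn_flood")
    if any(len(ports) >= SCAN_MIN_PORTS for ports in probed.values()):
        found.add("port_scan")
    if any(n >= REFLECT_MIN_RESP for n in unsolicited.values()):
        found.add("dns_reflection")
    return found

def pkt(src, dst, proto, sport, dport, flags="", qr=False):
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, flags=flags, qr=qr)

# Constructed records using documentation addresses (192.0.2.0/24), not the lab's.
A, T, D = "192.0.2.10", "192.0.2.20", "192.0.2.53"
BENIGN = [pkt(T, D, "udp", 40000, 53), pkt(D, T, "udp", 53, 40000, qr=True),
          pkt(A, T, "tcp", 50000, 80, "S"), pkt(T, A, "tcp", 80, 50000, "SA")]
FLOOD = [pkt(A, T, "tcp", 1024 + i, 80, "S") for i in range(150)]
SCAN = [pkt(A, T, "tcp", 55555, port, "S") for port in range(1, 31)]
REFLECT = [pkt(D, T, "udp", 53, 33333, qr=True) for _ in range(12)]

if __name__ == "__main__":
    print(sorted(classify(BENIGN + FLOOD + SCAN + REFLECT)))
```

The unsolicited-response check assumes the capture point does not see the forged query itself, as when capturing on the victim's own interface in a switched network. A vantage point that also sees that query would record it with the victim's address as source, and the responses would then look solicited.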

Question 1: SYN Flood

In a SYN Flood attack, what does the attacker send repeatedly to the target?

Question 2: TCP Port Scan

During a TCP SYN scan, what response indicates that a port is open?

Question 3: DNS Reflection

In a DNS reflection attack, why does the attacker spoof the source IP address?

Question 4: Network topology

In this lab, what is the IP address of the machine that plays the role of the attacker? Provide your answer in A.B.C.D format.

Question 5: Open ports

How many ports are open on the target?