Advanced Network Security encompasses sophisticated techniques and tools to protect digital infrastructure from evolving cyber threats. It includes intrusion detection systems, firewalls, encryption, access controls, and behavioral analytics to safeguard data integrity, confidentiality, and availability. Leveraging AI, machine learning, and threat intelligence, it proactively identifies vulnerabilities, mitigates attacks, and ensures secure communication across networks. This holistic approach is vital for maintaining resilience against modern, complex cyberattacks in dynamic IT environments.
You begin at the Citadel’s outer perimeter, a maze of diagnostic tools and foundational protocols. The Phantoms have left clues in the network’s basic operations. Your first task is to trace their entry point using traceroute, which sends UDP probes to high destination ports (> 33434) with increasing TTLs and maps the path from the ICMP Time Exceeded replies each hop returns. You notice the TTL values in their packets are set to the Linux default of 64, indicating they’re using a Linux-based system. Digging deeper, you uncover their use of ARP at Layer 2 to manipulate MAC-to-IP mappings, allowing them to slip past initial defenses. A quick check reveals they resolved the Citadel’s domain via DNS, translating names to IPs. Their subnet, a /26, supports up to 62 usable hosts, suggesting a small, agile attack group. You find traces of SSH over TCP port 22 in their communications, and an IPv6 Next Header field in their packets confirms they’re using modern protocols. With these fundamentals cracked, you gain access to the next layer.
Inside the Citadel’s core, you encounter a sophisticated routing and switching infrastructure. The Phantoms have manipulated the network’s paths to cover their tracks. You discover they exploited EIGRP, a Cisco protocol supporting unequal cost load balancing, to reroute traffic unevenly. Their setup caused switching loops, which you counteract by reinforcing STP to prevent broadcast storms. Analyzing their routing, you find BGP AS_PATH attributes altered to avoid loop detection, confirming their expertise. The Citadel’s OSPF routes, with a default administrative distance of 110, were tampered with, but you restore them. In the HSRP setup, you adjust the priority to ensure the correct active router takes over. To counter their rapid network changes, you deploy RSTP for faster convergence than STP. Finally, you uncover their use of MPLS Label Switching Paths (LSPs) to mask their data flow. With the core stabilized, you move deeper into the Citadel.
Now in the Citadel’s monitoring hub, you use forensic tools to track the Phantoms’ movements. With tcpdump, you capture live traffic, revealing their activity. Applying a Wireshark display filter for HTTP traffic, you isolate their web-based commands. A packet with TTL=1 indicates they used traceroute-like techniques for hop-by-hop inspection. You find SNMPv2 on UDP port 161 was exploited for network monitoring, giving them insights into the Citadel’s topology. A TCP RST flag in their traffic shows they forcibly reset connections to avoid detection. Using Nmap, you scan for open ports and discover their entry points, noting that a FIN scan (bare FIN segments with no SYN) slips past stateless packet filters that only block SYN packets. By analyzing these patterns, you pinpoint their command-and-control server.
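The two traffic patterns above (bare-FIN probes across many ports and abrupt RST resets) can be picked out of a capture with a few lines of Python. This is an added example, not part of the original page; it parses a simplified tcpdump-style text format, and the capture lines are constructed sample data, not a real recording.

```python
import re
from collections import defaultdict

# Constructed sample in simplified tcpdump style: one TCP segment per line.
SAMPLE_CAPTURE = """\
IP 10.0.0.5.40001 > 10.0.0.10.22: Flags [F], seq 0, win 1024, length 0
IP 10.0.0.5.40002 > 10.0.0.10.80: Flags [F], seq 0, win 1024, length 0
IP 10.0.0.5.40003 > 10.0.0.10.443: Flags [F], seq 0, win 1024, length 0
IP 10.0.0.5.40004 > 10.0.0.10.161: Flags [F], seq 0, win 1024, length 0
IP 10.0.0.5.40005 > 10.0.0.10.8080: Flags [F], seq 0, win 1024, length 0
IP 10.0.0.10.80 > 10.0.0.5.40002: Flags [R.], seq 0, ack 1, win 0, length 0
IP 10.0.0.7.51000 > 10.0.0.10.443: Flags [S], seq 100, win 65535, length 0
IP 10.0.0.10.443 > 10.0.0.7.51000: Flags [S.], seq 200, ack 101, win 65535, length 0
IP 10.0.0.7.51000 > 10.0.0.10.443: Flags [F.], seq 101, ack 201, win 65535, length 0
"""

# tcpdump writes "src.sport > dst.dport: Flags [X]"; '.' in the flags means ACK.
LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

def parse_capture(text):
    """Yield (src, dst, dport, flags) for every line in the simplified format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"]), m["flags"]

def detect_fin_scans(text, min_ports=4):
    """A FIN scan sends bare FIN segments (no SYN, no ACK) to many ports of one
    host; closed ports answer RST, open ports stay silent.  Return
    {(src, dst): sorted probed ports} for sources that hit >= min_ports ports."""
    probes = defaultdict(set)
    for src, dst, dport, flags in parse_capture(text):
        if flags == "F":  # bare FIN: a normal close would show as "F." (FIN+ACK)
            probes[(src, dst)].add(dport)
    return {k: sorted(v) for k, v in probes.items() if len(v) >= min_ports}

def count_resets(text):
    """Count RST segments per sender; many resets from one host is worth a look."""
    resets = defaultdict(int)
    for src, _dst, _dport, flags in parse_capture(text):
        if "R" in flags:
            resets[src] += 1
    return dict(resets)

if __name__ == "__main__":
    print(detect_fin_scans(SAMPLE_CAPTURE), count_resets(SAMPLE_CAPTURE))
```

On a real box, feed it the output of tcpdump -n -tt (the regex ignores the leading timestamp) and raise min_ports to suit the host's normal traffic.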
The Phantoms have breached the Citadel’s security layer, and you must fortify it. You detect an ARP Spoofing/MITM attack on the switched LAN, where poisoned ARP caches let them intercept traffic. Their DNS poisoning over UDP allowed them to redirect users to malicious sites. You upgrade the wireless network to WPA3, the most secure Wi-Fi security standard, replacing outdated WPA2. You secure web traffic by ensuring HTTPS on port 443 is enforced. Deploying a Layer 7 firewall with deep packet inspection, you block their application-layer attacks. Their use of IP spoofing for untraceable DDoS attacks is mitigated by ingress filtering that drops packets with forged source IPs. Finally, you activate an IDS to detect unauthorized access, alerting you to their ongoing attempts. With the security layer locked down, you approach the Citadel’s cutting-edge infrastructure.
In the Citadel’s virtualized and cloud-based core, the Phantoms are preparing their final assault. You discover they’ve exploited SDN, whose separation of the control plane from the data plane let them manipulate traffic from a single point. Using an open-source SDN controller like ONOS or OpenDaylight, they centralized their control. Their VXLAN tunnels, running over UDP port 4789, created overlay networks to hide their movements. In VMware environments, they tampered with vSwitches in the hypervisor. You secure the cloud with Security Groups, defining strict access rules. Checking the IP routing table with ip route, you reroute their traffic to a honeypot. Finally, you uncover their use of GRE (Generic Routing Encapsulation) for tunneling, which you disable. With their infrastructure dismantled, you confront the Phantoms in a final digital showdown, capturing their flag and securing the Citadel.