
Network Security for Fun and Profit Presented by Dani Firman Syah EDUCATION PURPOSE ONLY.


1 Network Security for Fun and Profit Presented by Dani Firman Syah e-mail: xnuxer@yahoo.com EDUCATION PURPOSE ONLY

2 Overview: TCP-IP Three Way Handshake; ARP (The Address Resolution Protocol); DNS Transactions; Sniffing (Passively & Actively); Spoofing (Mechanism); ARP Spoofing; Smurf Attack/SYN Flood; DNS Attack; Sniffing HTTPS (MITM); Session Hijacking.

3 TCP-IP Three Way Handshake (COMPUTER A and COMPUTER B): (1) A sends SYN with ISN A; (2) B replies ACK ISN A with SYN ISN B; (3) A sends ACK ISN B; the connection is established (ACK, Data).

4 ARP (The Address Resolution Protocol). Stations on the LAN: IP Addr = 10.1.1.66, MAC = F2:53:BC:4F; IP Addr = 10.1.1.34, MAC = A5:75:EF:3C; IP Addr = 10.1.1.22, MAC = C2:72:B7:3C. ARP Query (Broadcast): “Who has 10.1.1.22?” ARP Response (Unicast, from 10.1.1.22): “my MAC C2:72:B7:3C”.

5 HUB (Concentrator): a frame (“HELLO, HELLO”) entering the HUB is repeated out on every port.

6 Switch (Concentrator), stations A, B, C, D: the destination MAC address of the frame (“HELLO, HELLO”) is C, so the SWITCH only sends it out on the interface where C is attached.

7 DNS Transaction for domainexample.com: the Local DNS Server asks the Root DNS Server and receives a referral to the COM DNS Server; the COM DNS Server returns a referral to the Authority DNS Server; the Authority DNS Server returns the answer (10.3.2.11), and the Local DNS Server passes the answer (10.3.2.11) back to the client.

8 Sniffing: gathering TCP-IP traffic data on the LAN through network devices (NIC, HUB, SWITCH). Tools: Tcpdump, Ethereal, Windump, Snort, Dsniff, Sniffit.

9 Sniffing Mechanism (LAN with stations A and B): the sniffer gathers the traffic from this machine.

10 Passive & Active Sniffing. Passive Sniffing: sniffing on a LAN that uses a HUB as the concentrator. The HUB broadcasts to every client NIC, so every connection on the LAN is visible to the sniffer. Active Sniffing: sniffing on a LAN that uses a Switch as the concentrator. The Switch only forwards to the NIC of the destination client, so the sniffer can only see one active connection.

11 Tcpdump

12 Ethereal

13 Windump

14 Snort

15 Dsniff

16 Sniffit

17 Spoofing. Spoofing = poisoning ARP messages. MACs communicate using the routing in the ARP table; a poisoned ARP table lets traffic be diverted to the attacker's MAC. Tools: arpspoof, arp-sk, arp-fillup etc.

18 Spoofing Example

19 Spoofing Mechanism (LAN with a SWITCH, the DEFAULT ROUTER for the LAN, THE OUTSIDE or INTERNET; ATTACKER and VICTIM): 1. Configure IP forwarding to send packets to the default router. 2. Send a fake ARP response (“hello, hello, hello”) to remap the default router IP address to the attacker's MAC address. 3. The victim sends traffic destined for the outside world; based on the poisoned ARP table entry, the traffic is really sent to the attacker's MAC address. 4. Sniff the traffic. 5. Packets are forwarded from the attacker's machine to the actual default router for delivery to the outside.

20 Arpspoof (1)

21 Arpspoof (2)

22 Arpspoof (3)

23 TCP-IP Injection with Ettercap

24 Demo ARP Spoofing Demo TCP Injection

25 Spoofing & DNS Attack (LAN with a SWITCH and the DEFAULT ROUTER for the LAN, THE OUTSIDE; ATTACKER, VICTIM, ATTACKER'S SITE, www.somesite.com, www.surfingstuff.com with IP = 10.2.1.100): 1. The attacker activates the dnsspoof program. 2. The victim tries to resolve a name using DNS. 3. The attacker sniffs the DNS request from the line. 4. The attacker quickly sends a fake DNS response with any IP address the attacker wants the victim to use: www.surfingstuff.com = 10.3.1.5 (the attacker's machine at 10.3.1.5). 5. The victim now surfs to the attacker's site instead of the desired destination.
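The resolution on slide 7 and the race on slide 25 both hinge on one fact: a client accepts the first answer whose transaction ID and question match its outstanding query. A passive monitor can therefore spot a dnsspoof-style forgery as a second, conflicting answer to a query it has already seen answered. The following Python is an added example, not code from the presentation; the DnsMsg record layout, the 10.1.1.x client and resolver addresses and the sample exchange are constructed for illustration, and the real address of www.surfingstuff.com is taken from the slide (10.2.1.100).

```python
"""Passive DNS consistency check: pairs answers with outstanding queries and
flags what a forged answer leaves behind.  Added example; the message format
and the sample exchange are constructed, not captured traffic."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsMsg:
    ts: float          # seconds, constructed
    src: str           # sender IP (spoofable: dnsspoof forges the resolver's)
    dst: str
    txid: int          # 16-bit DNS transaction ID
    qname: str
    is_response: bool
    answer: str = ""   # A record carried by a response, empty for queries


class DnsMonitor:
    def __init__(self, resolver_ip: str):
        self.resolver_ip = resolver_ip
        self.pending: dict[tuple[str, int, str], DnsMsg] = {}   # (client, txid, qname) -> query
        self.answered: dict[tuple[str, int, str], str] = {}     # first answer seen per query
        self.alerts: list[str] = []

    def feed(self, m: DnsMsg) -> None:
        client = m.dst if m.is_response else m.src
        key = (client, m.txid, m.qname.lower())
        if not m.is_response:
            self.pending[key] = m
            return
        # Weak signal: the source IP is easy to forge, so only log it.
        if m.src != self.resolver_ip:
            self.alerts.append(f"{m.ts}: answer for {m.qname} from {m.src}, not resolver {self.resolver_ip}")
        if key in self.answered:
            # Strong signal: the same query answered twice with different data.
            # The client already acted on the first answer; the later one is
            # usually the genuine resolver arriving after the forgery.
            first = self.answered[key]
            if first != m.answer:
                self.alerts.append(
                    f"{m.ts}: conflicting answers for {m.qname} txid {m.txid:#06x}: {first} then {m.answer}")
            return
        if key not in self.pending:
            self.alerts.append(f"{m.ts}: unsolicited answer for {m.qname} txid {m.txid:#06x} -> {m.answer}")
            return
        self.answered[key] = m.answer
        del self.pending[key]


def sample_exchange() -> list[DnsMsg]:
    """Constructed timeline: client 10.1.1.34 asks resolver 10.1.1.1 for
    www.surfingstuff.com; a forged answer pointing at 10.3.1.5 (the slide's
    attacker site) lands 2 ms later, the real answer (10.2.1.100) after 41 ms."""
    q = "www.surfingstuff.com"
    return [
        DnsMsg(0.000, "10.1.1.34", "10.1.1.1", 0x1A2B, q, False),
        DnsMsg(0.002, "10.1.1.1", "10.1.1.34", 0x1A2B, q, True, "10.3.1.5"),
        DnsMsg(0.041, "10.1.1.1", "10.1.1.34", 0x1A2B, q, True, "10.2.1.100"),
        DnsMsg(1.000, "10.1.1.34", "10.1.1.1", 0x7777, "www.somesite.com", False),
        DnsMsg(1.030, "10.1.1.1", "10.1.1.34", 0x7777, "www.somesite.com", True, "203.0.113.81"),
    ]


def run(msgs: list[DnsMsg], resolver_ip: str = "10.1.1.1") -> list[str]:
    """Feed every message to a monitor and return the alerts it raised."""
    mon = DnsMonitor(resolver_ip)
    for m in msgs:
        mon.feed(m)
    return mon.alerts


if __name__ == "__main__":
    for line in run(sample_exchange()):
        print(line)
```

Only the conflicting-answer rule fires on the sample, because the forged packet copies the resolver's source address and the victim's transaction ID; that is why the decisive check is consistency over time rather than the source field.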

26 Sniffing HTTPS with DNS Spoofing (LAN with the DEFAULT ROUTER for the LAN, THE OUTSIDE; ATTACKER at 10.1.3.7, VICTIM, SECURE SITE: website with HTTPS services at 10.15.2.7): 1. The attacker activates the dnsspoof and webmitm programs. 2. Dnsspoof sends a fake DNS response with the IP address of the machine running webmitm (10.1.3.7). 3. The victim establishes an SSL connection, not knowing the attacker is proxying the connection. 4. Webmitm proxies the https connection, establishing an https connection to the server and sending the attacker's own certificate to the client. 5. The victim now accesses the desired server, but all traffic is viewable by the attacker using webmitm as a proxy.

27 Webmitm’s log

28 Spoofing & DoS (Computer A, Computer B, Attacker): the exchange shown is SYN (A, ISN A); ACK (A, ISN A) SYN (B, ISN B); RESET!!!

29 SYN Flood/Smurf Attack (Spoofing Act) (Computer A, Computer B, Attacker): SYN (A, ISN A); ACK (A, ISN A) SYN (B, ISN B); ACK (B, ISN B); DIE!!! (SYN FLOOD)
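The handshake of slide 3 and the half-open state that slide 29's SYN flood exhausts, seen from the listening host: between step 1 and step 3 the server holds an entry per client in a bounded backlog, and SYNs whose third step never arrives pin those entries until they time out. The Python below is an added example, not code from the presentation; it models the listener as a small state machine with a bounded backlog and, as the mitigation, a simplified SYN-cookie mode that answers without keeping state. The Listener class, the backlog size, the 203.0.113.x and 198.51.100.x addresses and the HMAC-based cookie are assumptions made for the example (real kernels also fold a timestamp and MSS into the cookie).

```python
"""TCP listener model: three-way handshake with a bounded half-open backlog
and an optional SYN-cookie mode.  Added example; names and numbers are
constructed for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MASK = 0xFFFFFFFF                          # sequence numbers are 32-bit
COOKIE_SECRET = secrets.token_bytes(16)    # per-process secret for SYN cookies (assumption)


def cookie_isn(src: str, client_isn: int) -> int:
    """Stateless ISN_B: an HMAC over the client identity and its ISN_A (simplified cookie)."""
    mac = hmac.new(COOKIE_SECRET, f"{src}:{client_isn}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


@dataclass
class HalfOpen:
    client_isn: int   # ISN_A carried by the SYN
    server_isn: int   # ISN_B we chose for the SYN/ACK


class Listener:
    def __init__(self, backlog: int, syn_cookies: bool = False):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open: dict[str, HalfOpen] = {}
        self.established: set[str] = set()

    def on_syn(self, src: str, client_isn: int):
        """Step 1 -> step 2: return (seq, ack) of our SYN/ACK, or None if the SYN is dropped."""
        if src in self.half_open:                       # retransmitted SYN: repeat our reply
            ho = self.half_open[src]
            return ho.server_isn, (ho.client_isn + 1) & MASK
        if len(self.half_open) >= self.backlog:
            if not self.syn_cookies:
                return None                             # backlog exhausted: new clients are dropped
            # Cookie mode: reply, but keep no state for this client
            return cookie_isn(src, client_isn), (client_isn + 1) & MASK
        server_isn = secrets.randbits(32)
        self.half_open[src] = HalfOpen(client_isn, server_isn)
        return server_isn, (client_isn + 1) & MASK

    def on_ack(self, src: str, seq: int, ack: int) -> bool:
        """Step 3: the ACK must carry seq = ISN_A + 1 and ack = ISN_B + 1."""
        ho = self.half_open.get(src)
        if ho is not None:
            ok = seq == (ho.client_isn + 1) & MASK and ack == (ho.server_isn + 1) & MASK
            if ok:
                del self.half_open[src]
                self.established.add(src)
            return ok
        if self.syn_cookies:
            # No stored state: recompute the cookie from what the ACK itself tells us
            expected = (cookie_isn(src, (seq - 1) & MASK) + 1) & MASK
            if ack == expected:
                self.established.add(src)
                return True
        return False


def client_handshake(listener: Listener, src: str, client_isn: int) -> bool:
    """A well-behaved client: SYN, wait for SYN/ACK, send the final ACK."""
    reply = listener.on_syn(src, client_isn)
    if reply is None:
        return False
    server_isn, _ = reply
    return listener.on_ack(src, (client_isn + 1) & MASK, (server_isn + 1) & MASK)


def fill_backlog(listener: Listener, count: int) -> int:
    """The SYN-flood condition: SYNs from `count` distinct (constructed, TEST-NET-3)
    sources whose third step never comes.  Returns the half-open entries now held."""
    for i in range(count):
        listener.on_syn(f"203.0.113.{i + 1}", 1000 + i)
    return len(listener.half_open)


if __name__ == "__main__":
    plain = Listener(backlog=3)
    fill_backlog(plain, 3)
    print("legit client, no SYN cookies:", client_handshake(plain, "198.51.100.9", 4242))
    cookies = Listener(backlog=3, syn_cookies=True)
    fill_backlog(cookies, 3)
    print("legit client, SYN cookies:   ", client_handshake(cookies, "198.51.100.9", 4242))
```

With the backlog full, the plain listener drops the legitimate SYN, which is the "DIE" of the slide; the cookie-mode listener still completes the handshake because validating the third step needs nothing it has to remember.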

30 Session Hijacking: taking over a connection session, which gives access to the connection between two computers that are communicating over TCP-IP. It combines the spoofing (ARP poisoning) and sniffing techniques. It is possible to hijack session connections for services such as telnet, ftp, rlogin etc. Tools: Hunt, Juggernaut, IP Watcher, TTYWatcher, TTYSnoop, Sniffit.

31 Session Hijacking Scenario (NETWORK; ANTO, BUDI, ATTACKER): 1. Anto establishes a telnet connection. 2. Using the sniffing technique, the attacker sees all packets going from ANTO to BUDI and also monitors the TCP sequence numbers of these packets while observing the session. 3. The attacker hijacks the connection with a source IP address of ANTO, using the proper TCP sequence numbers on all packets. 4. After the hijack, the session connection disappears; the users often just assume it's network trouble.

32 Demo Telnet Session Hijacking

33 Sniffer Detections
a. CPM (Check Promiscuous Mode)
b. NEPED (Promiscuous Scanner)
c. SniffDet, http://sourceforge.net/projects/sniffdet/
d. AntiSniff (L0pht), http://www.l0pht.com/antisniff/
e. Sentinel, http://www.packetfactory.net/Projects/sentinel/
f. PromiscDetect, http://ntsecurity.nu/toolbox/promiscdetect/
g. ProDetect, http://sourceforge.net/projects/prodetect/
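The host-side check behind tools like CPM and PromiscDetect is simply whether a NIC has been put into promiscuous mode. On Linux that leaves two traces a defender can read locally, and the Python below is an added example (not one of the tools listed above) that reads both: the IFF_PROMISC bit in /sys/class/net/<iface>/flags, and the kernel's "entered promiscuous mode" / "left promiscuous mode" log lines. One caveat the example encodes: the sysfs flag only reflects promiscuity set administratively (ip link set ... promisc on), while a packet capture opened through a packet socket bumps the kernel's promiscuity counter and is reported in the kernel log, so the log scan is the one that catches a running sniffer. The sample log lines and the IFF_PROMISC value 0x100 are respectively constructed and taken from <linux/if.h>.

```python
"""Local promiscuous-mode detection on Linux from two sources: the sysfs
interface flags and the kernel log.  Added example; the sample log lines
below are constructed."""
import os
import re

IFF_PROMISC = 0x100     # interface flag bit, from <linux/if.h>

# Matches both the older "device eth0 entered promiscuous mode" and the
# newer "eth0: entered promiscuous mode" wording, with any timestamp prefix.
PROMISC_LOG = re.compile(r"(?:device )?([A-Za-z0-9_.@-]+?):? (entered|left) promiscuous mode")


def flags_are_promiscuous(flags_text: str) -> bool:
    """`flags_text` is the content of /sys/class/net/<iface>/flags, e.g. '0x1103\\n'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(sysfs_root: str = "/sys/class/net") -> list[str]:
    """Interfaces whose administrative flags carry IFF_PROMISC; empty when sysfs is absent."""
    found = []
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return found                           # not Linux, or sysfs not mounted
    for name in names:
        try:
            with open(os.path.join(sysfs_root, name, "flags")) as fh:
                if flags_are_promiscuous(fh.read()):
                    found.append(name)
        except OSError:
            continue                           # virtual entries without a flags file
    return found


def promiscuous_from_kernel_log(lines) -> list[str]:
    """Replay enter/leave messages in order and return interfaces still promiscuous."""
    active: set[str] = set()
    for line in lines:
        m = PROMISC_LOG.search(line)
        if not m:
            continue
        iface, what = m.groups()
        if what == "entered":
            active.add(iface)
        else:
            active.discard(iface)
    return sorted(active)


SAMPLE_KERNEL_LOG = [                          # constructed dmesg excerpt
    "[  100.001] device eth0 entered promiscuous mode",
    "[  101.500] device eth0 left promiscuous mode",
    "[  200.250] eth1: entered promiscuous mode",
    "[  201.000] some unrelated kernel message",
]

if __name__ == "__main__":
    print("sysfs IFF_PROMISC:", promiscuous_interfaces())
    print("still promiscuous per sample log:", promiscuous_from_kernel_log(SAMPLE_KERNEL_LOG))
```

On a live host, replace SAMPLE_KERNEL_LOG with the output of `dmesg` or the kernel lines of the system journal; a capture tool that is still running shows up as an interface that entered promiscuous mode and has not left it.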

34 Counter-measures. Use ARPWatch to monitor ARP and ethernet (MAC) addresses. Configure the network with a static ARP table (suitable for the DMZ area):
arp -s 192.168.0.100 00-aa-00-62-c6-09
Use encrypted connections such as HTTPS with a trusted CERT, IPSec/VPN, SSH, telnet with Kerberos, S/MIME email or email with PGP, and encrypted ftp (secure ftp). Configure every switch port with a specific MAC address; if needed, install a firewall with MAC filtering for the DMZ area:
iptables -A FORWARD -m state --state NEW \
  -m mac --mac-source 00:DE:AD:BE:EF:00 -j ACCEPT

35 WinARP Watch: WinARP Watch can detect changes in the ARP Table.

36 Questions
