Network Security for Fun and Profit Presented by Dani Firman Syah EDUCATION PURPOSE ONLY.

Presentation transcript:

Network Security for Fun and Profit Presented by Dani Firman Syah EDUCATION PURPOSE ONLY

Overview: TCP-IP Three Way Handshake; ARP (The Address Resolution Protocol); DNS Transactions; Sniffing (Passively & Actively); Spoofing (Mechanism); ARP Spoofing; Smurf Attack/SYN Flood; DNS Attack; Sniffing HTTPS (MITM); Session Hijacking

TCP-IP Three Way Handshake (COMPUTER A, COMPUTER B): SYN with ISN A; ACK ISN A with SYN ISN B; ACK ISN B; Connection established (ACK, Data)

ARP (The Address Resolution Protocol). ARP Query: Broadcast “Who has ?” LAN hosts: IP Addr = MAC = F2:53:BC:4F; IP Addr = MAC = A5:75:EF:3C; IP Addr = MAC = C2:72:B7:3C. ARP Response: Unicast “my MAC C2:72:B7:3C”

HUB (Concentrator) HUB HELLO, HELLO

Switch (Concentrator). Hosts A, B, C, D on the SWITCH. HELLO, HELLO: Destination MAC Address is C and only sent out on interface with C

DNS Transaction. Servers: Local DNS Server, Root DNS Server, COM DNS Server, Authority DNS Server (domainexample.com). Responses: Referral to COM; Referral to Authority; The Answer! The Answer

Sniffing. Gathering TCP-IP traffic data on the LAN through network devices (NIC, HUB, SWITCH). Tools: Tcpdump, Ethereal, Windump, Snort, Dsniff, Sniffit.

Sniffing Mechanism. LAN with hosts A and B: Sniffer gathering traffic from this machine

Passive & Active Sniffing. Passive Sniffing: sniffing on a LAN that uses a HUB as the concentrator. The HUB broadcasts to every client NIC, so all connection traffic on the LAN is visible to the sniffer. Active Sniffing: sniffing on a LAN that uses a Switch as the concentrator. The Switch sends only to the NIC of the destination client, so the sniffer can only see one active connection.

Tcpdump

Ethereal

Windump

Snort

Dsniff

Sniffit

Spoofing. Spoofing = Poisoning ARP message. Communication between MAC addresses uses the routing in the ARP table. A poisoned ARP table allows traffic to be diverted to the attacker's MAC. Tools: arpspoof, arp-sk, arp-fillup etc.

Spoofing Example

Spoofing Mechanism. Diagram: ATTACKER and VICTIM on a SWITCH; DEFAULT ROUTER for LAN; THE OUTSIDE or INTERNET; “hello, hello, hello”. Configure IP for forwarding to send packets to default router. Sniff the traffic. Packets forwarded from attacker’s machine to the actual default router for delivery to the outside. Send fake ARP response to remap default router IP address to attacker’s MAC address. Victim sends traffic destined for the outside world. Based on poisoned ARP table entry, traffic is really sent to the attacker’s MAC address.

Arpspoof (1)

Arpspoof (2)

Arpspoof (3)

TCP-IP Injection with Ettercap

Demo ARP Spoofing Demo TCP Injection

Spoofing & DNS Attack. Diagram: ATTACKER and VICTIM on a SWITCH; DEFAULT ROUTER for LAN; THE OUTSIDE; ATTACKER’S SITE. Attacker activates dnsspoof program. Victim tries to resolve a name using DNS. Victim now surfs to attacker’s site instead of desired destination. Attacker sniffs DNS request from the line. Attacker quickly sends fake DNS response with any IP address the attacker wants the victim to use: = Attacker’s machine at m m IP =

Sniffing HTTPS with DNS Spoofing. Diagram: ATTACKER and VICTIM on the LAN; DEFAULT ROUTER for LAN; THE OUTSIDE; SECURE SITE (Website with HTTPS services at ). Attacker activates dnsspoof and webmitm programs. Victim establishes SSL connection, not knowing attacker is proxying connection. Victim now accesses the desired server, but all traffic is viewable by attacker using webmitm as a proxy. Webmitm proxies the https connection, establishing an https connection to the server and sending the attacker’s own certificate to the client. Dnsspoof sends fake DNS response with the IP address of the machine running webmitm ( )

Webmitm’s log

Spoofing & DoS. Computer A, Computer B, Attacker. SYN (A, ISN A); ACK (A, ISN A) SYN (B, ISN B); RESET!!!

SYN Flood/Smurf Attack (Spoofing Act). Computer A, Computer B, Attacker. SYN (A, ISN A); ACK (A, ISN A) SYN (B, ISN B); ACK (B, ISN B); DIE!!! (SYN FLOOD)

Session Hijacking. Taking over a connection session, which results in access to the connection between two computers that are communicating over TCP-IP. Combines the spoofing (ARP poisoning) and sniffing techniques. Hijacking a session connection is possible for services such as telnet, ftp, rlogin and so on. Tools: Hunt, Juggernaut, IP Watcher, TTYWatcher, TTYSnoop, Sniffit.

Session Hijacking Scenario. Diagram: ANTO, BUDI and ATTACKER on the NETWORK. 1 Anto establishes a telnet connection. 2 Using sniffing technique, attacker sees all packets going from ANTO to BUDI and also monitors the TCP sequence numbers of these packets while observing the session. 3 Attacker hijacks the connection with a source IP address of ANTO, using the proper TCP sequence numbers on all packets. 4 After hijack, session connection disappears. The users often just assume it’s network trouble.

Demo Telnet Session Hijacking

Sniffer Detections: a. CPM (Check Promiscuous Mode); b. NEPED (Promiscuous Scanner); c. SniffDet; d. AntiSniff (L0pht); e. Sentinel; f. PromiscDetect; g. ProDetect

Counter-measures
Use ARPWatch to monitor ARP and the Ethernet (MAC) addresses.
Configure the network with a static ARP table (suitable for DMZ area).
arp -s aa c6-09
Use encrypted connections such as HTTPS with a trusted CERT, IPSec/VPN, SSH, telnet with Kerberos, S/MIME or PGP, and encrypted ftp (secure ftp).
Configure every switch port with a specific MAC address; where needed, install a firewall with MAC filtering for the DMZ area.
iptables -A FORWARD -m state --state NEW \
  -m mac --mac-source 00:DE:AD:BE:EF:00 -j ACCEPT

WinARP Watch. WinARP Watch can detect changes in the ARP table.
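
The kind of ARP-table change monitoring described for ARPWatch and WinARP Watch, as an added example (not from the original slides and not either tool's code). It assumes Linux `arp -an` output; the function names, addresses and MACs are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.0.2.1) at 02:00:00:00:00:01 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def compare(baseline, current, gateway_ip=None):
    """Return sorted (severity, message) findings for a baseline/current pair."""
    findings = []
    # 1. An IP that now maps to a different MAC (the remap a poisoned table shows).
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:
            sev = "CRITICAL" if ip == gateway_ip else "WARNING"
            findings.append((sev, f"{ip} changed {old} -> {mac}"))
    # 2. One MAC answering for several IPs (also seen with routers doing
    #    proxy ARP or multi-homed hosts, so it is only a warning).
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("WARNING", f"{mac} claims {', '.join(sorted(ips))}"))
    return sorted(findings)

# Constructed sample snapshots (documentation addresses, made-up MACs).
BASELINE = """\
? (192.0.2.1) at 02:00:00:00:00:01 [ether] on eth0
? (192.0.2.10) at 02:00:00:00:00:10 [ether] on eth0
? (192.0.2.66) at 02:00:00:00:00:66 [ether] on eth0
"""
CURRENT = """\
? (192.0.2.1) at 02:00:00:00:00:66 [ether] on eth0
? (192.0.2.10) at 02:00:00:00:00:10 [ether] on eth0
? (192.0.2.66) at 02:00:00:00:00:66 [ether] on eth0
? (192.0.2.20) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for sev, msg in compare(parse_arp(BASELINE), parse_arp(CURRENT), "192.0.2.1"):
        print(sev, msg)
```

The baseline should be captured while the network is known to be clean; a static ARP entry for the gateway, as in the counter-measures above, removes the first class of finding for that address.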

Questions