94 - Topic Report - Understanding Sniffers - Nguyen Chi Bao
TABLE OF CONTENTS

TABLE OF CONTENTS ... 1
CHAPTER I: SNIFFER THEORY ... 2
I. Basic concepts of sniffers ... 2
1.1 Some terminology ... 2
What is an Ethernet MAC address? ... 4
1.2 A brief look at sniffers ... 5
1.3 How are sniffers used? ... 6
1.4 Classification of sniffing ... 7
II. Methods for detecting sniffers on a network ... 9
2.1 The Ping method ... 10
2.3 The DNS method ... 13
2.4 The Source-Route method ... 13
2.5 The decoy method ... 14
2.6 The packet latency method ... 14
III. Methods for preventing sniffers on a network ... 14
3.1 Networks at risk of sniffing ... 14
3.2 Protocols at risk of sniffing ... 15
3.3 Methods for preventing data sniffing ... 15
3.4 Methods for preventing password sniffing ... 16
3.5 Methods for preventing sniffers at the hardware level ... 17
CHAPTER II: LAB PRACTICE ... 18
CHAPTER III: SOME WAYS TO DEFEND AGAINST SNIFFERS IN A LAN ... 36
CHAPTER IV: REFERENCES ... 42
CHAPTER V: CONCLUSION ... 43
RARP (Reverse Address Resolution Protocol): does the reverse of ARP, mapping a machine's hardware address to its IP address.
TCP (Transmission Control Protocol): a connection-oriented protocol and service that lets sending and receiving hosts communicate with each other at any time, from anywhere.
UDP (User Datagram Protocol): a connectionless protocol and service; the sending and receiving hosts do not communicate over a persistent connection.
Telnet: a remote-login protocol; a user on one machine can connect to another machine and work as if sitting at that machine.
FTP (File Transfer Protocol): a protocol for transferring data from one machine to another over TCP.
Page 3 NGUYEN CHI BAO - Student ID: 2985.52 - Class 52PM2
a- Passive Sniffing
It is called passive sniffing because the attacker sits passively on the LAN, waits for data packets to be sent, and captures them. This is effective for quietly collecting data from the LAN.
- Environment: operates mainly in environments without packet-switching devices. Today these are typically networks built on hubs or wireless networks.
- Mechanism: because there are no packet-switching devices, hosts must broadcast packets across the network, so any host can capture and read them (even when the receiving host is not the packet's destination).
- Characteristics: because the machines broadcast the packets themselves, this form of sniffing is very hard to detect. Passive sniffing is performed through a hub.
b- Active Sniffing
Overview of how it works: on the same network, when Host A and Host B want to exchange data, the packets are passed down to the data link layer for encapsulation, and the hosts must place the source MAC and destination MAC into the frame. So before data transfer can begin, the hosts must ask each other for their MAC addresses. If Host A starts the MAC lookup first, it broadcasts an ARP request to all hosts asking for Host B's MAC; at that point Host B learns Host A's MAC, and Host B then replies only to Host A with its own MAC (ARP reply). A Host C continuously sends ARP replies to Host A and Host B carrying Host C's MAC address but claiming the IP addresses of Host A and Host B, so Host A now believes that machine B has C's MAC. As a result, the packets Host A sends to Host B are delivered to Host C, and the packets Host B sends back to Host A are also delivered to Host C. If Host C enables forwarding, Host A and Host B never realise they are the target of an ARP attack.
[Figure: ARP spoofing diagram showing HOST A, HOST B and HOST C]
Example: the topology consists of the following hosts:
- Attacker: the machine the attacker uses for the ARP attack. IP: 10.0.0.11, MAC: 0000.0000.1011
- Victim: the machine being attacked. IP: 10.0.0.12, MAC: 0000.0000.1012
- HostA: IP: 10.0.0.13, MAC: 0000.0000.1013
- First, HostA wants to send data to Victim, so it needs Victim's MAC address in order to communicate. HostA broadcasts an ARP Request to every machine in the LAN asking which MAC address belongs to IP 10.0.0.12 (Victim's IP).
- Both Attacker and Victim receive the ARP Request, but only Victim sends an ARP Reply back to HostA. The ARP Reply contains Victim's IP 10.0.0.12 and MAC 0000.0000.1012.
- HostA receives the ARP Reply from Victim, learns that Victim's MAC address is 0000.0000.1012, and starts transferring data to Victim. Attacker cannot see the contents of the data exchanged between HostA and Victim.
- Attacker wants to carry out an ARP attack against Victim so that every packet HostA sends to Victim can be captured and read.
- Attacker continuously sends ARP Replies containing Victim's IP 10.0.0.12 but Attacker's MAC address 0000.0000.1011.
- HostA receives these ARP Replies and believes that Victim's IP 10.0.0.12 has MAC address 0000.0000.1011. HostA stores this in its ARP cache and communicates accordingly.
3.2 Protocols at risk of sniffing:
- Telnet, Rlogin: keystrokes, including the username and password
- SNMP: passwords and data are sent in clear text
- NNTP: passwords and data are sent in clear text
- POP, IMAP, SMTP: passwords and data are sent in clear text
- FTP: passwords and data are sent in clear text
- HTTP: data is sent in clear text
3.3 Methods for preventing data sniffing
Perhaps the simplest way to stop anyone who wants to sniff data is to use standard encryption protocols for data in transit. When the data is encrypted, attackers can still sniff it, but they cannot read it...
SSL (Secure Socket Layer): an encryption protocol developed for most web servers and popular web browsers. SSL is used to encrypt sensitive information sent over the link, such as customers' credit card numbers, passwords and other important information.
PGP and S/MIME: e-mail can also be sniffed by attackers. When an unencrypted e-mail is sniffed, they learn not only the contents of the message but also information such as the sender's and recipient's addresses. To keep e-mail safe and private you therefore need to encrypt it as well. S/MIME is integrated into most programs for sending
Click Next.
As noted earlier, the sniffing process requires the WinPcap support package, so we install WinPcap and click Install.
Click OK, then Next.
The WinPcap installation begins.
Press Finish to complete the installation. Step 2: Setting the parameters to start the sniffing process. With installation complete, we move on to the configuration needed to start sniffing. The following example shows how to sniff one account, consisting of the username and password of a Gmail account. Step 1: On the Attack machine, run the Cain & Abel tool.
Click Configure to set up the network interface used for sniffing. Here we select the network card to use for sniffing and the APR feature. Tick the option to enable or disable the feature.
- The sniffer is compatible with WinPcap version 2.3 or higher. This version supports a great many network cards. The network used in this lab is 192.168.119.128.
- This is where you can configure ARP. By default Cain spaces out the sequence of spoofed ARP packets sent to the victim at 30-second intervals. This is genuinely necessary, because intruding on a device could otherwise disrupt its traffic. In this dialog you can set the time between each ARP run; a small value produces more ARP traffic, while a larger one makes the intrusion harder.
- In this section, pay attention to the Spoofing Options:
  + The first option lets us use the real MAC and IP address of the machine we are using.
  + The second option lets us use a spoofed IP and MAC address. (Note that the address chosen must not collide with another machine's IP.)
When you click the Filters and Ports tab, you will see information about protocols and the port numbers corresponding to each protocol.
Filters and Ports tab:
- Here you can enable or disable the TCP/UDP application ports.
Click Start ARP, then click Add To List (the + sign). A MAC Address Scanner window will appear. Select All hosts in my subnet -> OK.
Select the router address to sniff, 192.168.119.1. On the right, highlight everything to select all (OK). Click Start ARP.
After logging in to the music website, go to the attack machine and check the Passwords tab, then select the HTTP section.
The result of sniffing is that we obtain the Victim's username and password, i.e. their account on the website. The sniffing process is complete, and your information has been stolen by the sniffer.
TOPIC REPORT 4 - UNDERSTANDING SNIFFERS
CHAPTER III: SOME WAYS TO DEFEND AGAINST SNIFFERS IN A LAN
Today users rely on web services that require logging in with an ID, such as mail, forum accounts and so on. On a LAN or wireless LAN where someone malicious is running programs such as Cain & Abel, Wireshark or Ethereal capture, having one's ID exposed is a headache for many people. The following measures partly limit this problem.
First: programs of this kind must first scan the IP addresses on the network; only once the hacker has the IPs does the sniffing begin. So the first measure is to disable the NetBIOS name in order to prevent these programs from discovering IP addresses.
Second: structurally, these programs work by altering the ARP table and attacking in "man in the middle" fashion. The fix: lock the ARP table by using static ARP entries; this can be done on each client, or configured directly on the router. To protect yourself, you can lock the ARP entries on your own machine to avoid being sniffed.
Prevention method: to prevent sniffing in a LAN, we hard-code the ARP table on each client machine, or configure it on the router to protect the whole network. The steps are as follows:
B1: Open CMD on Windows (Start -> Run -> type cmd -> Enter, or Windows + R).
B2: In CMD, check the ARP table with the following command: arp -a
The result looks like this:
In the Type column of the screenshot we see that the ARP entries for the machines in the LAN are all in dynamic mode; to lock them so that their information cannot be changed, we must switch them to static.
B3: Lock the ARP entries with the following command: arp -s [IP address of the machine whose ARP entry to lock] [MAC address of that machine]
Example: arp -s 192.168.1.33 00-26-18-b7-22-db
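The ARP poisoning described in Chapter I (one MAC answering for another host's IP) leaves a trace in the victim's own ARP cache, and steps B1-B3 above lock entries by hand. As an added example that is not part of this report, the Python below parses `arp -a` output (a constructed sample with made-up MACs, using the lab's 192.168.119.0/24 addresses), flags MACs shared by several IPs, reports entries whose MAC changed since a known-good snapshot, and emits the step B3 `arp -s` lines for protected hosts still marked dynamic.

```python
import re
# Constructed sample of Windows `arp -a` output (MACs are made up); the
# interface and router addresses are the ones used in the lab above.
BASELINE = """\
Interface: 192.168.119.128 --- 0xb
  Internet Address      Physical Address      Type
  192.168.119.1         00-50-56-c0-00-08     dynamic
  192.168.119.130       00-0c-29-3a-4b-5c     dynamic
  192.168.119.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Same host after poisoning: the router IP now carries .130's MAC.
POISONED = BASELINE.replace("00-50-56-c0-00-08", "00-0c-29-3a-4b-5c")
# One data row: IP, dash-separated MAC, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})"
    r"\s+(dynamic|static)\s*$", re.IGNORECASE)

def parse_arp_table(text):
    """Return {ip: (mac, type)} from `arp -a` output, skipping header lines."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table

def find_shared_macs(table):
    """MACs answering for more than one unicast IP (attacker MAC reused for the victim IP)."""
    by_mac = {}
    for ip, (mac, _) in table.items():
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue  # broadcast and multicast entries legitimately repeat
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def find_changed_macs(baseline, current):
    """IPs whose MAC differs from a known-good snapshot (arpwatch-style check)."""
    return {ip: (baseline[ip][0], current[ip][0]) for ip in baseline
            if ip in current and baseline[ip][0] != current[ip][0]}

def static_commands(table, protect):
    """Step B3 `arp -s` lines for protected IPs whose entry is still dynamic."""
    return [f"arp -s {ip} {table[ip][0]}" for ip in protect
            if ip in table and table[ip][1] == "dynamic"]

if __name__ == "__main__":
    cur = parse_arp_table(POISONED)
    print(find_shared_macs(cur), find_changed_macs(parse_arp_table(BASELINE), cur))
```

On a real machine, feed the script the output of `arp -a` and a snapshot taken while the network was known to be clean; the gateway is the entry most worth protecting, since it is the one the lab above hijacks.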
However, this is only a mitigation and does not make you completely safe. You also need to know how to detect that you are being poisoned, and the most effective tool for this is the web browser (here I use IE 7). This is the browser's warning sign when someone on the network is deliberately using Cain & Abel. Cain & Abel alters or forges the CAs it presents to its victims. But when these CAs are compared against the default Windows CAs, Windows immediately detects the discrepancy in the CA it received from Cain & Abel and issues a warning right in the IE browser when we log in to a site that uses HTTPS. Sniffing software forges the certificate information of mail servers or web servers in order to steal information, but Internet Explorer detects all of it, blocks it and prompts the user.
This is a very clear warning message, but ordinary users pay no attention to this unusual warning and of course blithely click "Continue to this website". IE then shows another message, in the Address bar, asking the user to check the CA by reviewing it once more before typing a username and password. If the user still blithely ignores it and types in the username and password, they have effectively handed them to the hacker.
If you receive a warning like the one above from Internet Explorer (when visiting Gmail, you already know the certificate should be genuine!), I recommend choosing Click here to close this webpage to make sure your account and password information stays safe. It also means that on the LAN you are using to access the internet, a hacker has appeared and is sitting somewhere waiting to grab your password. I hope this article contributes some experience that helps you limit the dangers of using Internet services in a multi-user environment. It also helps you understand that your bank, email and website administration accounts and passwords can be stolen very easily and at any time.
CHAPTER V: CONCLUSION
I sincerely thank lecturer NGUYN H DNG for the enthusiastic and dedicated guidance that helped me complete this topic report 4. The report truly let me study more thoroughly the basic requirements of information security and safety in today's computer networks, understand the importance of security, and learn more deeply about hackers' attack methods so as to be able to warn of, prevent and respond to attacks. During the preparation of this report, the work was carried out only on virtual machines, so it may not closely match reality, and shortcomings and a somewhat superficial report are unavoidable... I hope the teacher can offer comments so that we can improve our administration skills and gain more experience in network programming and network operation, and in the safety and security of information on computer networks. I very much hope for the teacher's honest feedback so that I can study information safety and security systems even more deeply.