Title: PowerPoint. Author: wishfree. Last modified by: Choong Seon Hong. Created Date: 11/23/2003 4:04:57 AM. Document presentation format: PowerPoint PPT presentation (36 slides).

Transcript and Presenter's Notes
3
1. ???
  • sniff?? ????? ??
  • ?? ?????? ??? ??? ??? ?? ?
  • ??? ??? ?? ? ?? ?? ??.
  • ???(Passive) ??
  • LAN? ???? ???????(Promiscuous) ???? ??
  • ? ??? ??? MAC(Media Access Control) ?? ?? ???
    ??? ??? ? ??? ?? ?? ???? ??? ??? ????? ??
  • ??? ???? ?? ???? ????? ?? ?? (??? ?? ? ?? ??
    tool ??) ??????? ??

4
?????? ??????? ??? ????
Root ifconfig eth0 promisc
5
2. ??? ?? ??
1. TCP Dump
  • ?? ??? ??? ??
  • ???? ??? ?? ??? ?
  • Snort?? IDS? ?? ??????? ?
  • TCP Dump? ?? ??? ??? ?? ?? ??

6
TCP Dump? ???? ??? ???? ?????
TCP Dump? ?? Root ./configure Root make Root
make install
7
TCPDUMP Usage
  • To print all packets arriving at or departing
    from sundown
  • tcpdump host sundown
  • To print traffic between helios and either hot or
    ace
  • tcpdump host helios and \( hot or ace \)
  • To print all IP packets between ace and any host
    except helios
  • tcpdump ip host ace and not helios
  • To print all traffic between local hosts and
    hosts at Berkeley
  • tcpdump net ucb-ether
  • To print all ftp traffic through internet gateway
    snup (note that the expression is quoted to
    prevent the shell from (mis-)interpreting the
    parentheses)
  • tcpdump 'gateway snup and (port ftp or ftp-data)'
  • To print traffic neither sourced from nor
    destined for local hosts (if you gateway to one
    other net, this stuff should never make it onto
    your local net).
  • tcpdump ip and not net localnet
  • To print the start and end packets (the SYN and
    FIN packets) of each TCP conversation that
    involves a non-local host.
  • tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
    and not src and dst net localnet'
  • To print all IPv4 HTTP packets to and from port
    80, i.e. print only packets that contain data,
    not, for example, SYN and FIN packets and
    ACK-only packets. (IPv6 is left as an exercise
    for the reader.)
  • tcpdump 'tcp port 80 and (((ip[2:2] -
    ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
  • To print IP packets longer than 576 bytes sent
    through gateway snup
  • tcpdump 'gateway snup and ip[2:2] > 576'
  • To print IP broadcast or multicast packets that
    were not sent via Ethernet broadcast or
    multicast
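
The HTTP filter above works by byte arithmetic on the IPv4 and TCP headers: ip[2:2] is the total length, (ip[0]&0xf)<<2 the IP header length, and (tcp[12]&0xf0)>>2 the TCP header length, so the difference is the TCP payload length and segments with no data (SYN, FIN, bare ACKs) are excluded. The following Python script is an added example, not code from the slides: it builds a few constructed IPv4/TCP packets (checksums left at zero, documentation addresses 192.0.2.10 and 198.51.100.20) and evaluates the same expressions, plus the tcp[tcpflags] & (tcp-syn|tcp-fin) test from the SYN/FIN example, on the raw bytes. The function names are the example's own.

```python
import struct

# TCP flag bits, the values behind tcpdump's tcp-fin / tcp-syn / tcp-push / tcp-ack keywords
TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10
IPPROTO_TCP = 6


def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b"", tcp_options=b""):
    """Constructed test packet: minimal IPv4 header (no options) plus a TCP header.
    Checksums stay zero; tcp_options must already be padded to a multiple of 4 bytes."""
    ihl = 5                                    # IPv4 header length in 32-bit words (20 bytes)
    doff = (20 + len(tcp_options)) // 4        # TCP data offset in 32-bit words
    total_len = ihl * 4 + doff * 4 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, doff << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + tcp_options + payload


def ip_header_len(pkt):
    """(ip[0] & 0xf) << 2 : IHL (32-bit words) converted to bytes."""
    return (pkt[0] & 0x0F) << 2


def ip_total_len(pkt):
    """ip[2:2] : the IPv4 total length field, header plus payload."""
    return struct.unpack("!H", pkt[2:4])[0]


def tcp_data_offset(pkt):
    """(tcp[12] & 0xf0) >> 2 : TCP data offset (upper nibble, 32-bit words) in bytes."""
    tcp = pkt[ip_header_len(pkt):]
    return (tcp[12] & 0xF0) >> 2


def tcp_payload_len(pkt):
    """The slide's expression: ip[2:2] minus the IP and TCP header lengths."""
    return ip_total_len(pkt) - ip_header_len(pkt) - tcp_data_offset(pkt)


def tcp_flags(pkt):
    """tcp[tcpflags], i.e. byte 13 of the TCP header."""
    return pkt[ip_header_len(pkt) + 13]


def has_syn_or_fin(pkt):
    """tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 : start and end packets of a conversation."""
    return (tcp_flags(pkt) & (TCP_SYN | TCP_FIN)) != 0


def matches_http_data_filter(pkt):
    """'tcp port 80 and payload length != 0' : only segments that carry data."""
    if pkt[9] != IPPROTO_TCP:                  # ip[9] is the protocol field
        return False
    tcp = pkt[ip_header_len(pkt):]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return 80 in (sport, dport) and tcp_payload_len(pkt) != 0


def filter_packets(pkts, predicate):
    """Names of the sample packets accepted by a filter predicate, in input order."""
    return [name for name, pkt in pkts.items() if predicate(pkt)]


HTTP_REQUEST = b"GET / HTTP/1.0\r\n\r\n"      # 18 bytes of constructed application data
SAMPLE_PACKETS = {                            # constructed samples, not captured traffic
    "syn":      build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40000, 80, TCP_SYN,
                               tcp_options=b"\x02\x04\x05\xb4"),   # MSS option: 24-byte TCP header
    "ack_only": build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40000, 80, TCP_ACK),
    "request":  build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40000, 80,
                               TCP_PSH | TCP_ACK, HTTP_REQUEST),
    "fin":      build_ipv4_tcp("198.51.100.20", "192.0.2.10", 80, 40000, TCP_FIN | TCP_ACK),
    "dns":      build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40001, 53,
                               TCP_PSH | TCP_ACK, b"\x00\x01"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:9s} hdr_ip={ip_header_len(pkt):2d} hdr_tcp={tcp_data_offset(pkt):2d} "
              f"payload={tcp_payload_len(pkt):2d} syn/fin={has_syn_or_fin(pkt)} "
              f"http_data={matches_http_data_filter(pkt)}")
    print("HTTP data filter matches:", filter_packets(SAMPLE_PACKETS, matches_http_data_filter))
```

The "syn" sample carries a TCP option, so its header is 24 bytes rather than 20; reading the data offset from tcp[12] instead of assuming a fixed 20 bytes is what keeps the payload-length calculation correct, which is exactly why the slide's filter subtracts both header lengths rather than a constant.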

8
Telnet Login ? TCPDump ?? ?? wishfree? ??
9
Telnet Login ? TCPDump ?? ???? qwer1234? ??
10
2. Fragrouter
?? ??? ?????? ?? ???. ???? ??? ??? ????? ? ?????
? ??? ????? ?????? ?? ???? ??? ????. ????? ???
???? ?? ??? ? ?? ??? ??? ?? ???? ??? ?? ??.
Fragrouter ????
Root ./configure Root make
11
3. DSniff
  • DSniff? ???? ?? ??? ??
  • ???? ?? ??? ?? ???? ?
  • SSL? ?? ???? ?? ??? ????? ????, DSniff? ??? ????
    ??? ?????? ???? ??? ??
  • DSniff? ??? ? ?? ?? ftp, telnet, http, pop,
    nntp, imap, snmp, ldap, rlogin, rip, ospf, pptp,
    ms-chap, nfs, yp/nis, socks, x11, cvs, IRC, ATM,
    ICQ, PostgreSQL, Citrix ICA, Symantec pcAnywhere,
    M.S. SQL, auth, info

12
DSniff ?? ? ???? ?
? ?                            ?
filesnarf NFS ????? ???? ??? ?? ????? ????.
macof ???? ??? ?? ???? ?? ??? ??? MAC ??? ???? MAC ???? ?????(Overflow)???.
mailsnarf SNMP? POP ? ????? ???? ? ? ?? ???.
msgsnarf ?? ???? ?????.
tcpkill ??? ? ?? TCP ??? ?? ???.
tcpnice ICMP source quench ???? ?? ?? TCP ??? ??? ???. ??? ?? ?????? ???? ?
arpspoof ARP ??? ??? ????.
dnsspoof DNS ??? ??? ????.
urlsnarf CLF(Common Log Format)??  HTTP ???? ????? ??? URL? ????.
13
DSniff? ???? ?? ?? ?????
Dsniff? ??
Root ./configure Root make Root make install
14
Dsniff? ??? ???? ???
Root dsniff
15
Tcpkill? ??? ?? ??
R(eset) ??? ?? tcp ??? ??? Root tcpkill
16
Tcpnice? ??? ??? ?? ??? ???
??? ??? ?? ??? ??? 8?? ????? ??, ???? ??????? ???
???. Root tcpnice
17
URLSNARF? ??? ? ?? ??
??? ???? ??? ??? ?? ?? ??? ? ? ??. Root urlsnarf
18
MAILSNARF? ?? ???
sendmail ??? ??? ??? ? ??? ???? ??? ?? ? ??.
Root mailsnarf
19
MSGSNARF? ??? ??? ?? ?? ???
MSN ???? ???? ??? ???? ?????. Root msgsnarf
20
4. Sniffer Pro (Window)
  • ?????? ??????? ??? ???? ??
  • WinPCAP? ?? ?????? ???? ???? ??
  • ??? ???? ??? GUI(Graphic User Interface)? ???
    ???? ??? ????? ??? ??? ?? ?? ???? ?? ??.

21
4. ??? ????? ???
  • A switch stores frames, checks the destination port, and
    forwards them only to that port, while a hub copies them
    to all ports.
  • ???? ???? ???? ??
  • ARP Spoofing ? ?? Sniffing
  • ICMP redirect ? ??? Sniffing

22
1. ARP ???, ARP/ICMP ?????
ARP ?????
  • ARP ????? ??? 2???? ??
  • ??? ??? ARP reply ??? ??? ??
  • ??? MAC ??? ????? ??????? ????? ?? ?
  • ARP ???? ??? ? ??? ??
  • ARP ?????? ?? ?? ??? ? ????? ? ??? ? ???? ??
  • ARP ?????? ????? ??? ???? ?? ???? MAC ??? ?? ???
    ?? ?? ?? ??? ?? ???? ???? ???? ?.

24
ICMP ?????
  • ?? ??? ????? ???? ?????? ???.
  • ??? ???? ???? ???? ??? ? ?? ??
  • ???? ?????? ? ? ?? ???? ?????(Load balancing)?
    ??
  • ?? ???? ??? ???? ??? ???? ?? ? ???? ??? ???
    ICMP ?????? ??.
  • ICMP ??? ??? ??? ????? ????? ?? ??
  • ???? ????? ???? ? ?? ??? ?? ? ????? ??? ?
  • ARP ???? ?? ?? ARP ???? ?? ???? ?? ?????? ????
    ???, ICMP ?????? ??? ??? ??? ?? ???? ????? ?.

25
ICMP ????? ?? ?? 1/2
26
ICMP ????? ?? ?? 2/2
1. ??? A? ??? ??? B? ???? ?? ? ??? A?
???(Default) ???? ???? ?? ??? ??? A? ???? ??? ??
??? ??? A? ???. 2. ??? A? ??? B? ??? ??? ????
??? ???? ???? ??? B? ??? B? ?????, ?? ????? ???
A? ?? ??? ??? B? ???. 3. ??? A? ?? ??? A? ??? B?
??? ??? ???? ???? ??? ??? A?? ICMP ????? ??? ??
??? A? ??? B? ??? ??? ??? B? ?? ???? ??. 4. ???
A? ??? ???? ??? B? ?? ?? ????, ??? B? ??? ??? ???
B? ????.
27
ICMP ?????? ???? ??? ???
?? ?? ??
28
ICMP Redirect ???? ??? Root gcc -o icmp_redir
icmp_redir.c
?? ??? ? ?? fragrouter -B1
29
ICMP ??? ?? Root ./icmp_redir 192.168.1.1
192.168.1.143 216.239.37.99 192.168.1.142
ICMP ????? ?? ? TCP Dump Root tcpdump -vvv host
192.168.1.143
30
ICMP Redirect? ??? ??? ???? ?? Root route -C
31
5. ??? ??? ???
1. ??? ??
  • ??? ??? ????? ??? ?? ??? ??? ?? ??? ???? ?? ????
    ?? ???.
  • ???? ???? ?? ????? ????? ????? ???? ??? ??? ???
  • ???? ?? ??? ????? ???? ??????? ???? ????? ???
    ??.
  • ?? Ping, ARP

32
  • ? Ping? ??? ??
  • ???? ???? ?? TCP/IP?? ???? ??? request? ???
    response? ????.
  • ??? ?? ???? ping? ??? , ????? ???? ?? MAC ???
    ???? ??.
  • ?? ICMP Echo reply? ??? ?? ???? ???? ?? ?? ??
  • ???? ???? ?? MAC ??? ???? ??? ???? ?? ?? ????
    ??? ping request? ? ? ?? ?? ??.
  • ? ARP? ???? ??
  • ping? ??? ???? ??? ARP request? ??? ? ARP
    response? ?? ??????? ??? ???? ?? ??.

33
  • ? ??(Decoy)??
  • ??? ??? ?? ???? ?? ??? ??? ????? ??
  • ?? ???? ??? ???? ????? ?? ??? ????? ????? ??.
  • ???? ? ??? ????? ???? ??? ???? ? ??? ???? ????
    ?????? ???? ??? ? ??.
  • ? ARP watch
  • ??? MAC ??? IP ??? ?? ?? ???? ARP ???? ?????? ??
    ??? ?? ??? ???? ????? ??? ???? ???.

34
???? ????
Sentinel? ???? ???? ????. ./sentinel -e -t
192.168.1.144
35
???? ???? ?? ??, tcpdump? ??
???? ???? ?? ?? ??, tcpdump? ??