Information Systems Safety and Security
Group 2 - K09406 - 2012
FACULTY OF MANAGEMENT INFORMATION SYSTEMS
INFORMATION SYSTEMS SAFETY AND SECURITY
Stealing Account Information on the LAN and the Internet
Supervising lecturer:
Lecturer Truong Hoai Phan
Students:
1. Nguyen Manh Lam (K094061155)
2. Le Thi Kieu Oanh (K094061173)
3. Le Thi Thu (K094061188)
4. Nguyen Thi Thuy (K094061190)
5. Thi Thanh Trang (K094061202)
Ho Chi Minh City - 2012
LECTURER'S COMMENTS
Table of Contents
A. BRIEF INTRODUCTION (p. 4)
B. LOCAL AREA NETWORK (p. 4)
I. SSL Strip (p. 4)
1. SSL Strip (p. 4)
2. How it is done (p. 7)
3. Remarks and countermeasures (p. 8)
II. Stealing Cookies, Hijacking Sessions (p. 8)
1. ARP and ARP poisoning (p. 9)
2. Stealing cookies and hijacking sessions (p. 10)
3. Conclusion and countermeasures (p. 18)
III. DNS Spoofing (p. 18)
1. DNS Spoofing (p. 18)
2. Steps (p. 20)
3. Conclusion and countermeasures (p. 21)
IV. Sniffing Passwords with Wireshark (p. 22)
1. Wireshark (p. 22)
2. How it is done (p. 22)
3. Conclusion and countermeasures (p. 25)
C. INTERNET NETWORK (p. 25)
I. Stealing Yahoo, Gmail and Facebook Account Information with a Keylogger (p. 25)
1. Keylogger (p. 25)
2. How it is done (p. 26)
3. Conclusion and countermeasures (p. 30)
II. Building a Phishing Website (p. 30)
1. How it is done (p. 30)
2. Context and objectives achieved (p. 32)
3. Remarks and countermeasures (p. 32)
D. GROUP MEMBER LIST AND TASK ASSIGNMENT (p. 32)
A. BRIEF INTRODUCTION
A local area network (LAN) connects computers to one another within a single area. The connection runs over a high-speed transmission medium such as cabling. LANs can also be joined together into a WAN. A LAN usually includes a server (host), also called the serving machine. The server is typically a machine with a fast processor (CPU), a large amount of memory (RAM) and a large hard disk (HD).
The Internet is a publicly accessible global information system made up of interconnected computer networks. It carries information by packet switching, based on a standardized internetworking protocol, the IP protocol. It comprises thousands of smaller computer networks belonging to businesses, research institutes and universities, individual users and governments around the world.
Sniffing is a form of eavesdropping on a network that relies on properties of the TCP/IP mechanism. It is also a security technique, developed to help network administrators examine and inspect the data flowing over the network efficiently.
There are two kinds of sniffer: active sniffers and passive sniffers.
The sniffing process:
- Step 1: Poison ARP, using tools such as ettercap on Linux and Cain & Abel on Windows.
- Step 2: Once ARP has been poisoned, the attacker's machine becomes the man in the middle and sniffs the packets exchanged between the victim's machine and the gateway. The attacker can thereby capture packets that carry important information, for example login packets to websites and e-mail. Using several methods, the attacker can sniff cookies, hijack sessions, or perform DNS spoofing to send the victim to a forged address.
B. LOCAL AREA NETWORK
I. SSL Strip
1. SSL Strip
SSL and HTTPS
Secure Sockets Layer (SSL), or Transport Layer Security (TLS) in its more modern implementation, is a protocol designed to secure network communication by means of encryption. The protocol is most often combined with other protocols to provide a secure implementation of the service that protocol offers. Examples include SMTPS, IMAPS and HTTPS. The ultimate goal is to create secure channels over insecure networks.
In this section we focus on attacking SSL over HTTP, known as HTTPS, because it is the most common use of SSL. You may not realize it, but you almost certainly use HTTPS every day. The most popular e-mail services and online banking applications all rely on HTTPS to ensure that communication between your web browser and their servers is securely encrypted. Without this technology, anyone with a packet sniffer on the network could discover usernames, passwords and anything else that is meant to be hidden.
The process HTTPS uses to secure data centres on the distribution of certificates between the server, the client and a trusted third party. Take the example of a user trying to connect to a Gmail e-mail account. This process involves a few distinct steps, simplified in Figure 1 below.
Figure 1: The HTTPS communication process
The process sketched in Figure 1 is not a detailed one, but in essence it works as follows:
- The client's browser connects to https://www.mail.google. on port 80 using HTTP.
- The server redirects the client to the HTTPS version of the site using HTTP code 302.
- The client connects to https://www.mail.google.com on port 443.
- The server provides a certificate to the client containing its digital signature. This certificate is used to verify the identity of the site.
- The client takes this certificate and validates it against its list of trusted certificate authorities.
- Encrypted communication then takes place.
If the certificate validation process fails, it means the website has failed to verify its identity. At that point the user is shown a certificate validation error and can still proceed at their own risk, because they may well not be communicating with the website they think they are accessing.
Defeating HTTPS
This process was considered highly secure until a few years ago, when an attack was published that could successfully hijack the communication. The process does not involve defeating SSL itself, but rather defeating the bridge between unencrypted and encrypted communication.
Moxie Marlinspike, a leading security researcher, argued that in most cases SSL is never attacked directly. Most of the time an SSL connection is initiated over HTTPS because someone was redirected to HTTPS through an HTTP 302 response code, or because they clicked a link that directed them to an HTTPS site, such as a login button. The idea is that if you attack the transition from an insecure to a secure connection, in this case from HTTP to HTTPS, you attack the bridge and can man-in-the-middle the SSL connection before it ever occurs. To do this effectively, Moxie created the SSLstrip tool, which we use below.
The process is quite simple and is reminiscent of the attacks studied in the earlier parts of the series. It is outlined in Figure 2 below.
Figure 2: Hijacking HTTPS communication
The process outlined in Figure 2 works as follows:
- Traffic between the client and the server is first intercepted.
- When an HTTPS URL is encountered, sslstrip replaces it with an HTTP link and keeps a map of the changes it made.
- The attacking machine supplies certificates to the web server and impersonates the client.
- Traffic is received back from the secure website and provided back to the client.
The process works quite well: the server involved still receives SSL traffic and has no idea of the difference. The only noticeable difference in the user experience is that the traffic is not flagged as HTTPS in the browser, so an experienced user may be able to notice that something is odd.
2. How it is done
Step 1: Poison ARP.
Step 2: Configure IP forwarding.
Step 3: Configure iptables to route HTTP traffic correctly.
Step 4: Run sslstrip.
Once this is done, you should be able to hijack any SSL connection being established. From here you can launch a packet sniffer and collect passwords, personally identifiable information such as credit card numbers, and so on from the traffic.
3. Remarks and countermeasures
As presented above, hijacking SSL in this way is virtually undetectable from the server side, because the server believes it is communicating normally with the client. It has no idea that it is communicating with a client by proxy. Keeping the browser up to date is also quite important. It is recommended to use browsers other than Internet Explorer.
II. Stealing Cookies, Hijacking Sessions
1. ARP and ARP poisoning
First, to understand the process of stealing cookies with BackTrack 4 better, we need to learn a little about ARP and ARP poisoning. So what is ARP?
In practice, network interface cards (NICs) can only communicate with one another by MAC address, the fixed and unique address of the hardware. We therefore need a mechanism to translate between these forms of address. Hence the address resolution protocol: Address Resolution Protocol (ARP).
So how does ARP work on a LAN? Understanding how ARP operates makes it easy to understand what ARP poisoning is. When a network device wants to know the MAC address of a device whose network-layer address it already knows, it sends an ARP request containing its own MAC address and the IP address of the device whose MAC address it needs. Every device that receives this request compares the IP address in the request with its own network-layer address. If the addresses match, that device must send back to the sender of the ARP request a packet containing its own MAC address.
ARP spoofing exploits the inherently insecure nature of the ARP protocol. Unlike other protocols such as DNS (which can be configured to accept only fairly secure dynamic updates), devices using the Address Resolution Protocol (ARP) accept updates at any time. This means that any device can send an ARP reply to another computer, and that computer will immediately update its ARP cache with the new value. Sending an ARP reply when no request was made is called sending a gratuitous ARP. When these gratuitous ARP replies reach the computers that sent requests, the requesting computer believes it has found the party it was looking for, when in fact the victim is communicating with an attacker.
2. Stealing cookies and hijacking sessions
The term session hijacking covers a range of different attacks. In general, any attack that involves exploiting a session between devices is considered session hijacking. Once the attacker becomes the man in the middle, they can capture the packets passing through the victim's network card, analyze them to find cookies, hijack the victim's session, and use the victim's online account without going through username/password authentication.
In practice nothing that crosses the network is safe, and session data is no different. The principle behind most forms of session hijacking is that if some part of what is used to establish a session can be intercepted, the attacker can use that data to impersonate one of the parties in the communication and thereby gain access to the session.
To illustrate cookie theft and session hijacking, the group set up a scenario in which the victim logs in to Facebook and the attacker steals the victim's cookies and uses them to reach the victim's Facebook account without a username or password.
In this example scenario, the group carries out a session hijacking attack by intercepting the communication of a user logging in to his Facebook account. Using the intercepted communication, the group takes on the role of that user and accesses the account from the attacking computer. BackTrack 4 is used for the demonstration.
First, on the victim's machine, the victim logs in to Facebook.
The Home page of the victim's account
Network parameters of the victim's machine
Step 1: The attacking computer boots BackTrack 4 and opens Konsole (the box in the figure) to carry out the first task, ARP poisoning.
Step 2: In the Konsole window, type the command ettercap -T -p -M arp /192.168.1.100/ /192.168.1.1/ -i eth0 (eth0 because a wired network is in use), where 192.168.1.100 is the IP address of the victim's machine and 192.168.1.1 is the victim's default gateway.
After typing the command and pressing Enter, BackTrack 4 reports that ARP poisoning succeeded, and messages about the victim logging in to Facebook are displayed.
Step 3: After ARP poisoning, the group captures the traffic and analyzes the packets; because ARP has been poisoned, the packets are guaranteed to be captured correctly.
Start Wireshark in BackTrack 4.
Wireshark's main window appears; the group selects eth0 because a wired network is in use.
After the interface is selected, Wireshark starts capturing packets from the victim's computer.
Once the capture is finished, since the group is after cookies it only cares about packets related to the victim's cookies, so it filters out the packets related to the victim's cookies.
Step 4: From the filtered packets, the group searches for the one that contains the cookies related to the victim's Facebook login in order to steal it.
After finding the packet containing the victim's cookies, the group steals the cookies.
The victim's cookie information is extracted, but the group is only interested in c_user and xs.
Step 5: From the stolen cookie information, the group creates the c_user and xs cookies in the browser; for this it uses Firefox with the Cookies Manager+ add-on.
In the Add Cookies dialog, the group adds the two cookies c_user and xs.
Step 6: Done. Having stolen the cookies, the group finally opens the browser and types facebook.com into the address bar; the browser lands on the victim's Facebook account.
3. Conclusion and countermeasures
By stealing cookies, an attacker can get into the victim's account and impersonate the victim for their own purposes, mainly fraud. However, the attacker cannot take over the victim's account because they do not know the password. As soon as the user actively logs out, the cookie is deleted immediately, so even though the attacker captured it, it can no longer be used because it is no longer valid.
In addition, there are some measures to reduce the risk factors:
Access from home: The chance of someone intercepting your traffic on your home network is far lower than on the network at work. This is not because your home computer is necessarily more secure, but because you have only one or two computers at home. On another LAN (for example at work), you do not know what is going on down the hall or in the branch office 200 miles away, so the potential sources of attack are many. Keep in mind that one of the biggest targets of session hijacking is online banking accounts, but it can be applied to anything.
Be aware of the attacks: Sophisticated attackers, even the most seasoned hackers, can still make mistakes and leave traces of their attack on your side. Knowing when you are logged in to session-based services can help you determine whether someone is lurking on your account. Your job is therefore to watch everything and keep an eye on the most recent login time to make sure everything is as it should be.
Secure your internal machines: These attacks are usually carried out from inside the network. If your network devices are secure, an attacker has less chance of compromising hosts inside your network, and the risk of session hijacking is reduced accordingly.
III. DNS Spoofing
1. DNS Spoofing
DNS spoofing
DNS spoofing is a MITM technique used to supply false DNS information to a host so that when the user browses to some address, for example www.yahoo.com with IP XXX.XX.XX.XX, the attempt is instead sent to a forged www.24h.com.vn residing at IP address YYY.YY.YY.YY, an address the attacker has set up in advance to steal online banking account information from the user.
DNS communication
The Domain Name System (DNS) protocol as defined in RFC 1034/1035 can be regarded as one of the most important protocols used on the Internet. Put simply, whenever you type a web address such as http://www.google.com into a browser, a DNS request goes to a DNS server to find the IP address that corresponds to the domain name you entered. Routers and Internet-connected devices have no idea what google.com is; they only understand addresses such as 74.125.95.103.
A DNS server works by storing a database of entries (called resource records) that map DNS names to IP addresses, and communicating those resource records to clients and to other DNS servers. The DNS server architecture across an enterprise and the Internet is fairly complicated. As a matter of fact, there are whole books dedicated to DNS architecture. We will not go into the architectural aspects or even the different kinds of DNS traffic, but only present a basic DNS transaction.
Figure 1: DNS query and response
DNS works in a query/response fashion. A client that needs to resolve a DNS name to an IP address sends a query to a DNS server, and that server returns the requested information in its response. From the client's perspective, only two packets are involved: the query and the response.
The scenario becomes slightly more complicated when DNS recursion is considered. Because of the hierarchical nature of the Internet's DNS structure, DNS servers need to be able to communicate with one another in order to answer the queries submitted by clients. If all goes as expected, our internal DNS server knows the name-to-IP mappings for the servers on the local network, but it cannot be expected to know the addresses of Google or Dell. This is where recursion comes into play. Recursion is when one DNS server queries another DNS server on behalf of the client that made the request. In essence, this turns a DNS server into a client.
2. Steps
Step 1: Open the file etter.dns.
Step 2: Point the DNS of the domain name to some IP.
Step 3: Poison the victim's ARP and use the dns_spoof plug-in.
Step 4: When the victim visits the domain names edited in step 2, we receive a notification.
Step 5: Browse to www.yahoo.com to see the result of the DNS spoofing.
3. Conclusion and countermeasures
DNS spoofing is difficult to defend against because there are very few signs of the attack. Usually you do not know your DNS has been spoofed until it has already happened, which makes it an extremely dangerous attack method. Countermeasures:
- Protect your internal machines: Attacks like the one above are usually carried out from inside your network. If your network devices are secure, you reduce the chance that hosts are compromised and used to launch a spoofing attack.
- Do not rely on DNS for secure systems: On highly sensitive and secure systems, the best practice is not to browse the Internet on them at all, so that DNS is not used. If you have software that uses hostnames to do some of its work, it can be adjusted as needed in the device's configuration file.
- Use an IDS: An intrusion detection system, when placed and deployed correctly, can expose ARP cache poisoning and DNS spoofing.
- Use DNSSEC: DNSSEC is a newer alternative to DNS that uses signed DNS records to ensure the validity of query responses. DNSSEC is not yet widely deployed, but it has been accepted as the future of DNS.
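As an added example that is not part of the original report, the following Python code parses a DNS response in wire format and flags the tell-tale sign of the LAN spoofing described above: a public name such as www.yahoo.com answered with a private (RFC 1918) address, plus transaction-ID and question-name mismatches. The response bytes and the attacker address 192.168.1.105 are constructed for the example.

```python
import ipaddress
import struct


def _read_name(pkt, off):
    """Decode a DNS name at pkt[off], following compression pointers.
    Returns (dotted name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:             # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_response(pkt):
    """Parse the header, first question and A-record answers of a DNS response."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    qname, off = _read_name(pkt, 12)
    off += 4                                   # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:          # A record
            answers.append((name, str(ipaddress.IPv4Address(rdata))))
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": qname, "answers": answers}


def check_response(pkt, expected_txid, expected_qname):
    """Return a list of findings; an empty list means nothing looked forged."""
    r = parse_response(pkt)
    findings = []
    if not r["is_response"]:
        findings.append("not-a-response")
    if r["txid"] != expected_txid:
        findings.append("txid-mismatch")
    if r["qname"].lower() != expected_qname.lower():
        findings.append("qname-mismatch")
    for name, ip in r["answers"]:
        # A public name answered with an RFC 1918 address is the signature of
        # an etter.dns style redirect to an attacker on the same LAN.
        if ipaddress.IPv4Address(ip).is_private:
            findings.append(f"private-answer:{name}={ip}")
    return findings


def build_a_response(txid, qname, ip, ttl=60):
    """Build a minimal DNS A response; used here only to construct test data."""
    name = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer


# Constructed example: a LAN attacker answers www.yahoo.com with its own
# (hypothetical) address 192.168.1.105, the effect of the etter.dns entry above.
SPOOFED = build_a_response(0x1234, "www.yahoo.com", "192.168.1.105")
# Constructed contrast: the public address the report quotes for Google, used
# here only as a sample of a non-private answer.
GENUINE = build_a_response(0x1234, "www.yahoo.com", "74.125.95.103")

if __name__ == "__main__":
    print("spoofed:", check_response(SPOOFED, 0x1234, "www.yahoo.com"))
    print("genuine:", check_response(GENUINE, 0x1234, "www.yahoo.com"))
```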
IV. Sniffing Passwords with Wireshark
1. Wireshark
Wireshark is a network protocol analyzer that lets you examine the details of existing network protocols, capture packets and analyze them offline, and analyze VoIP.
It can read and write many file formats, such as tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, and others.
Captured data compressed with gzip can be decompressed on the fly, and decryption is supported for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and others.
It works with many kinds of network connection, including Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others.
An attacker who sniffs packets and captures the username/password used to log in to a forum, where the password string is MD5-hashed, can then crack the password and recover the result.
The hashing and authentication process:
Step 1: The client runs an MD5 function written in JavaScript to hash the password, then sends it to the server using the POST or GET method.
Step 2: The server receives the hashed string and checks it against the database.
Step 3: The server reports success. The user is logged in.
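The following Python code, added here and not part of the report or of the forum's software, shows why the scheme above is weak: the MD5 value is itself the credential, so the string seen on the wire logs in unchanged. Beside it is an added nonce-bound challenge-response check in which the same captured value cannot be reused; the user store, user name and password are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed user store (hypothetical user and password). In the forum scheme
# described above the server keeps md5(password) and the browser sends that
# same MD5 string, so the stored value is exactly what travels on the wire.
USERS = {"alice": hashlib.md5(b"correct horse").hexdigest()}


def login_md5_only(user, client_hash):
    """The report's scheme: the server compares the transmitted MD5 with the stored one."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, client_hash)


# Added alternative (not the forum's design): the server issues a one-time
# nonce and the client proves knowledge of the secret with an HMAC over it.
ISSUED = {}


def issue_challenge(user):
    nonce = secrets.token_hex(16)
    ISSUED[user] = nonce
    return nonce


def client_response(password, nonce):
    """What a JavaScript client would compute and send instead of the bare hash."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    return hmac.new(pw_hash.encode(), nonce.encode(), hashlib.sha256).hexdigest()


def login_challenge(user, response):
    nonce = ISSUED.pop(user, None)             # single use: a replay finds no nonce
    stored = USERS.get(user)
    if nonce is None or stored is None:
        return False
    expected = hmac.new(stored.encode(), nonce.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


def demo():
    """Return (replay accepted by MD5 scheme, fresh challenge login, replayed challenge login)."""
    # 1. Forum scheme: the exact string captured by Wireshark is accepted again.
    sniffed = hashlib.md5(b"correct horse").hexdigest()
    replay_ok = login_md5_only("alice", sniffed)
    # 2. Challenge scheme: the captured response is bound to a spent nonce.
    nonce = issue_challenge("alice")
    response = client_response("correct horse", nonce)
    fresh_ok = login_challenge("alice", response)
    issue_challenge("alice")                    # a new nonce is now outstanding
    replay_ok_challenge = login_challenge("alice", response)
    return replay_ok, fresh_ok, replay_ok_challenge


if __name__ == "__main__":
    print(demo())
```

This removes only the replay: the server still holds an unsalted MD5 that is a password equivalent if the database leaks, and carrying the login over TLS instead of plain HTTP is what keeps the sniffer from seeing anything at all.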
2. How it is done
Step 1: ARP poisoning. The mechanism: to build its ARP table, a computer sends ARP requests and then receives ARP replies. The system has no mechanism at all to verify whether the information in an ARP reply is genuine or forged; the information is simply stored in the ARP table for use. Exploiting this weakness, the attacker poisons the ARP system by sending an unsolicited ARP response to the target host. A forged ARP response contains the hardware address of an ordinary device and the IP address of the device being
Step 2: Run Wireshark to capture the login packets to the forum vn-zoom.com.
Step 3: With the username and the MD5-hashed string in hand, the attacker saves the forum's login page, edits the values, and then submits the username and the hashed password string.
3. Conclusion and countermeasures
Using commands:
- ipconfig /all to view your own MAC address.
- arp -a to view the ARP table on your machine and check whether the MAC recorded for host B really is B's MAC.
- arp -d * to clear the entire ARP table on your machine; the poisoned MAC addresses are removed and the computer starts learning again. But if the attacking machine keeps pumping out poisoned ARP packets, clearing the ARP table is useless.
- arp -s to statically bind the destination IP to its real MAC, so the attacker can no longer poison that IP. This is not practical on large networks with many computers or where IPs change (for example with DHCP).
Using software:
We can install Anti ARP software to avoid accepting forged ARP replies.
Using network equipment:
Dynamic ARP Inspection: the switch uses the DHCP Snooping Binding table to check whether each ARP reply sent out is valid, and drops it immediately if it is not.
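As an added example (not from the report), this Python script automates the arp -a check listed above: it parses saved arp -a output and reports any MAC address claimed by more than one IP and any gateway whose MAC differs from a previously recorded baseline. The arp -a text and all MAC addresses are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` output on a Windows victim (not a real capture).
# 192.168.1.1 is the gateway and 192.168.1.105 the attacker's machine; after
# poisoning, the gateway entry carries the attacker's MAC.
SAMPLE_ARP_A = """
Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.105         00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Known-good gateway MAC recorded earlier on a clean network (constructed value).
BASELINE = {"192.168.1.1": "aa-bb-cc-dd-ee-ff"}

ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)", re.M)


def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` output, skipping broadcast and multicast rows."""
    table = {}
    for ip, mac, _entry_type in ENTRY_RE.findall(text):
        mac = mac.lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[ip] = mac
    return table


def find_arp_anomalies(table, baseline):
    """Return (kind, detail) findings for a parsed ARP table.

    duplicate-mac: one MAC answers for several IPs, the usual footprint of an
    attacker claiming the gateway's IP while keeping its own entry.
    gateway-mac-changed: a baseline host's MAC no longer matches the record.
    """
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("duplicate-mac", f"{mac} claimed by {sorted(ips)}"))
    for ip, good_mac in baseline.items():
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("gateway-mac-changed", f"{ip}: expected {good_mac}, saw {seen}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_arp_anomalies(parse_arp_table(SAMPLE_ARP_A), BASELINE):
        print(f"[{kind}] {detail}")
```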
C. INTERNET NETWORK
I. Stealing Yahoo, Gmail and Facebook Account Information with a Keylogger
1. Keylogger
A keylogger is a computer program that monitors and records every keystroke made on the keyboard into a log file for the person who installed it. Because this function violates other people's privacy, keyloggers are classified as spyware. Keyloggers are small and use little memory, which makes them hard to detect.
The keylogger is installed on the victim's machine, or the victim is sent a file with the keylogger attached; the keylogger then sends the victim's account and password to the attacker's e-mail.
Later, as keyloggers became more advanced, they not only record keystrokes but also capture what is shown on the screen by taking screenshots or recording video (screen capture), and even record how the mouse pointer moves.
There are two kinds of keylogger: hardware keyloggers and software keyloggers.
A keylogger usually has three main parts:
- Control program: coordinates operation, adjusts settings, and views the log files. Usually it can only be invoked with a keyboard shortcut.
- Installation method: Ordinary keyloggers are installed on the machine like any other program, through an installation step. The most dangerous keyloggers can get straight onto the user's machine without an installation step, using the autorun feature to start with the system. Some drop themselves into other programs, so that the keylogger runs automatically whenever the user uses those programs.
- Operation: The keylogger's hook file or monitor program watches, records and translates the signals, writing them into the log file. It may also monitor the screen and mouse actions.
2. How it is done
Step 1: Right-click and choose Option to configure the keylogger.
Step 2:
Run on windows startup and Don't show program icon at startup: these two make it start automatically and hidden whenever Windows boots. Show / hide program icon is where the hotkey is set.
Remove the program from uninstallation list: this hides the keylogger from the Windows add/remove programs tool and similar uninstaller applications.
Step 3: In the Logging section, tick everything, then click Password to set a password on the trojan for easier management.
Step 4: Under Make screen capture screenshot every, choose the number of minutes between automatic screenshots: one minute, a few minutes or longer. Picture Quality is the image quality; the higher it is, the larger the files.
Step 5: The Email section.
After the setup is complete, bind the keylogger to a piece of software and send it to the victim to install. Then log in to the configured mailbox to check the log files and screen captures that the keylogger recorded on the victim's machine.
3. Conclusion and countermeasures
Using a keylogger is a very effective way to record what happens on the victim's screen and keyboard. It captures the victim's activity, including usernames and passwords. It is an effective attack method; however, advances in antivirus and security programs have limited the spread and use of ordinary keyloggers. The proposed countermeasures are as follows:
- Limit shared use of computers and set a password to protect the computer.
- Do not open unfamiliar files of unknown origin; pay attention to files with the extensions exe, com, bat, scr, swf, zip and rar.
- Do not visit unfamiliar websites.
- Do not click unfamiliar links.
- Do not install unfamiliar software.
- Do not download programs from untrusted sources.
- Install antivirus, anti-spyware, anti-trojan and firewall software when browsing the web.
- Regularly apply patches to the operating system and the protective programs.
II. Building a Phishing Website
1. How it is done
Build a phishing page that looks like the login page of the site whose accounts are to be stolen. Then find a domain name close to that of the site being impersonated, e.g. yahooo.com or gmail.server.com. Edit some of the code in the login page, upload it to a web server and point the domain name at that server. Send the link to the victim or trick the victim into following the fake link by some other means.
Procedure
Step 1: Edit the login page so that its form action points to the page xuly.php.
Step 2: Create the page xuly.php.
Step 3: Create the file connect.php as follows; $hostname is the domain name of the web server.
Step 4: Create a database named yahoo with one table, password, that has two columns: Passwd and User.
Step 5: Upload to the web server and test.
Result:
2. Context and objectives achieved
Spoofing the login page only works if the victim goes to the phishing page we set up, which is hard to achieve if the victim pays attention to the website's domain name. A phishing website can obtain the victim's information, which can then be used to access their accounts; this is very dangerous if it is a bank account.
3. Remarks and countermeasures
Building a fake website is very easy to do, but at the same time very easy to detect. Simply paying attention when logging in can prevent losing an account.
Antivirus software should be installed, and unfamiliar links should not be clicked, to avoid keylogger infection.
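As an added example, not part of the report, the Python function below automates the domain-name check recommended above: it classifies a hostname as the genuine site, a lookalike registered domain (yahooo.com), or a brand name hidden in a subdomain (gmail.server.com). The brand list and the short public-suffix list are constructed assumptions, and the check is generalized to also flag a brand name registered under a different suffix.

```python
# Constructed list of the legitimate sites the user logs in to.
BRANDS = {"yahoo.com", "gmail.com", "facebook.com"}

# Public suffixes handled by this example, longest first. A real deployment
# would use the Public Suffix List; "com.vn" is included because the report's
# scenario targets Vietnamese users.
SUFFIXES = ("com.vn", "com", "net", "org", "vn")


def registered_domain(host):
    """Return the registrable domain, e.g. 'server.com' for 'gmail.server.com'."""
    host = host.lower().rstrip(".")
    for suffix in SUFFIXES:
        if host.endswith("." + suffix):
            labels = host[: -len(suffix) - 1].split(".")
            return labels[-1] + "." + suffix
    return host


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, brands=BRANDS):
    """Classify a hostname as 'legit', 'brand-in-subdomain', 'lookalike' or 'unrelated'."""
    host = host.lower().rstrip(".")
    reg = registered_domain(host)
    if reg in brands:
        return "legit"
    brand_names = {b.split(".")[0] for b in brands}
    # gmail.server.com: the brand appears only as a subdomain label of an
    # unrelated registered domain.
    sub_labels = host[: -len(reg) - 1].split(".") if host != reg else []
    if any(label in brand_names for label in sub_labels):
        return "brand-in-subdomain"
    # yahooo.com: the registered name is within one edit of a brand name;
    # distance 0 covers the same name on another suffix (facebook.com.vn).
    reg_name = reg.split(".")[0]
    if any(edit_distance(reg_name, b) <= 1 for b in brand_names):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for h in ("mail.yahoo.com", "yahooo.com", "gmail.server.com", "www.24h.com.vn"):
        print(f"{h:20} {classify(h)}")
```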
D. GROUP MEMBER LIST AND TASK ASSIGNMENT
Full Name            Student ID    Email    Task
Nguyen Manh Lam      K094061155             Cookie theft and session hijacking
Le Thi Kieu Oanh     K094061173             Sniffing passwords with Wireshark
Le Thi Thu           K094061188             Keylogger; phishing website
Nguyen Thi Thuy      K094061190             SSL strip
Thi Thanh Trang      K094061202             DNS spoofing
END