
UNDERSTANDING SNIFFERS AND HOW TO DEFEND AGAINST THEM

1. What is sniffing?
   a. Sniffing is a form of eavesdropping on a network that relies on characteristics of the TCP/IP mechanism.
   b. Sniffing is a security technique, developed to help network administrators operate the network more effectively and inspect data entering and leaving the network, as well as data moving within it.

2. What does a sniffer do?
   a. It was developed to collect packets in a system.
   b. Its original purpose was to help network administrators manage systems and check for errors or unfamiliar packets.
   c. Later, hackers used this method to obtain accounts, passwords and other sensitive information.
   d. Variants of sniffers are illegal eavesdropping programs, such as eavesdropping on Yahoo and MSN, stealing mail passwords, etc.

3. Under what conditions can sniffing occur?
   a. Sniffing works well on LAN, WAN and WLAN networks.
   b. The only prerequisite is sharing the same subnet mask when sniffing.
   c. In addition, a tool to capture and analyze packets is needed.

4. How many types of sniffing are there, and how do they work?
   a. Active sniff
      i. Environment: mainly operates in environments with packet-switching devices. The most common today are networks that use switches.
      ii. Mechanism: today it mostly relies on ARP and RARP (the two mechanisms for translating IP to MAC and MAC to IP) by sending out poisoned packets; specifically, packets that tell the machine sending a packet "I am the recipient" even though the sniffer is not the recipient.
      iii. Characteristics: because it has to send packets, it can consume network bandwidth. If too many machines on the network are sniffed, the volume of packets sent becomes very large (forged packets are sent continuously), which can cause network congestion or overload the NIC of the sniffing machine itself (a bottleneck).
      iv. Sniffers also use a number of techniques to force traffic through their own NIC, such as:
         1. MAC flooding: overflowing the switch's memory so that the switch runs in forwarding mode instead of switching packets.
         2. MAC spoofing: the sniffer changes its MAC to that of a legitimate machine and so gets past the device's MAC filtering.
         3. DHCP poisoning to change the client's gateway.
         4.
   b. Passive sniff

Trung Tâm An Ninh Mạng (Network Security Center)

http://nss.net.vn

      i. Environment: mainly operates in environments without packet-switching devices. The most common today are networks that use hubs, or wireless networks.
      ii. Mechanism: with no packet-switching devices, hosts have to broadcast packets onto the network, so the packets can be captured and read (even by a host that is not their destination).
      iii. Characteristics: because the machines broadcast the packets themselves, this form of sniffing is very hard to detect.

5. How is sniffing detected on a network?
   a. Active sniff
      i. Detection based on the sniffer's ARP poisoning.
         1. Because it must poison ARP, the sniffer continuously sends poisoned packets to the victims. Packet capture tools on the network can therefore be used to detect it.
         2. Another way is to check the host's ARP table. If the table contains two identical MACs, the network is possibly being sniffed.
      ii. Detection based on bandwidth
         1. The sniffer's sending of poisoned packets can consume bandwidth, so bandwidth monitoring tools can be used to detect it.
         2. However, this approach is ineffective and not very accurate.
      iii. Tools for detecting sniffing or ARP poisoning
         1. XArp
         2. Arpwatch
         3. Symantec EndPoint
         4.
   b. Passive sniff
      i. Hard to detect, because any host on the network can capture the packets.
      ii. However, the kind of network in which this type of sniffing works is mainly the kind used in homes and is rarely used by businesses.
      iii. However, businesses now commonly use wireless networks for laptops; in that case the device's MAC filtering features can additionally be used, or authentication by account, password or access key.

6. How is sniffing prevented?
   a. Active sniff
      i. Administrators


         1. Tools:
            - Bandwidth monitoring: as noted above, sniffers can cause network congestion, so bandwidth monitoring tools can be used. However, this approach is not effective.
            - Packet capture: sniffers have to poison ARP, so ARP packets are sent continuously; with these tools one can see who is sniffing on the network. This is relatively more effective, but some sniffing tools can forge the IP and MAC to deceive.
         2. Devices:
            a. Devices with MAC filtering can be used for protection.
            b. On switches specifically, VLAN trunking can also be used, possibly combined with port security (relatively effective, because it uses VLANs combined with additional security features).
         3. Other: SSL can also be configured; it is effective, but not highly so.
      ii. Users
         1. Use static ARP entries.
         2. Use the sniff detection tools (listed above): when ARP information changes, these tools alert the user.
         3. Be careful with warnings from the system or the web browser: some sniffing tools can forge a CA (Cain and Abel), so while being sniffed the system or browser may report that the CA is invalid.
         4. Disable NetBIOS (advanced users) so that the sniffers' host scanning cannot be carried out. However, this is hard to apply in practice, because the switch may already have stored the MAC in its table during operation.
   b. Passive sniff
      i. This form of sniffing is very hard to detect and to prevent.
      ii. Replace hubs with switches; packets will then no longer be broadcast, but one then faces the risk of active sniffing.

7. Some sniffing and anti-sniffing tools
   a. Sniffing tools
      i. Ettercap
         1. Runs on Linux; a Windows version is now available.
         2. Can detect and isolate sniffers.
         3. A fairly powerful tool on Linux.
      ii. Cain and Abel


         1. Runs on Windows; has additional decryption and password-guessing functions.
         2. A powerful tool on Windows.
      iii. HTTP sniffer: a tool for eavesdropping on accesses to websites.
      iv. vDHCP: a simple DHCP poisoning tool.
      v. Switch Sniffer

8. Summary
   a. Sniffing is a form of eavesdropping on network information, used to exploit network resources more effectively and to monitor information illegally. However, hackers later used sniffing to obtain sensitive information. Sniffing is therefore also a form of hacking.
   b. Sniffing usually affects packets and has little strong effect on the system itself, so it is very hard to detect. Therefore, although sniffing works simply, it is very effective.
   c. Because it has almost no direct effect on the network system, sniffing usually leaves few traces or serious consequences afterwards.
   d. Although there are now measures for preventing and detecting sniffing, these measures are not really effective in some cases; therefore, users of network systems should be careful when using and accessing the network, to avoid losing important information.
   e. To limit sniffing on their systems, administrators should have a policy that limits physical contact with the system, subnets the LAN, and configures VLANs and port security on switches. Monitor the packets on the network, encrypt information, and check for NICs in promiscuous mode.
   f. Users should read warnings from the system, such as CA warnings, carefully; in some cases, because of how ARP works, MAC impersonation causes a duplicate-IP warning on the network.
