Supervisor: M.Sc. Nguyn Minh Nht
Class: D18TMTB2
Group members:
- Nguyn Vit Lc
- Trn Thnh Danh
- Dip Hong Phc
- Nguyn Tin Dng

Topic: SNIFFER

- What is sniffing?
- Protocol vulnerabilities
- Types of attack
  - DHCP attacks
  - DNS attacks
  - ARP attacks

Sniffing is a process that allows a third party to monitor calls and internet conversations. The attacker places a listening device on the network that carries the information, for example between two telephones or between two endpoints on the internet.

Types of sniffing:
- Passive: monitors and records all traffic information.
- Active: only monitors and records traffic information.

A sniffer puts the network card into promiscuous mode and listens to all data passing over the network. A sniffer can read information on a computer through its NIC by decoding the information encapsulated in the packets.

Protocols vulnerable to sniffing:
- Telnet, RLogin: keystrokes, including usernames and passwords
- HTTP: data is sent in clear text
- SMTP: passwords and data are sent in clear text
- NNTP: passwords and data are sent in clear text
- POP: passwords and data are sent in clear text
- FTP: passwords and data are sent in clear text
- IMAP: passwords and data are sent in clear text

MAC flooding means flooding the switch with a large number of requests. A switch has limited memory for mapping MAC addresses to its physical ports. MAC flooding fills that limited memory by forging many different MAC addresses and sending them to the switch. The switch then behaves like a hub: packets are sent out to every machine in the same network segment, and the attacker can easily sniff them.

The CAM table of a switch has a limited size. It stores information such as each MAC address and the switch port it is associated with, together with the VLAN parameters.

MAC address format (figure):
- 1258.3582.8DAB: 48-bit hexadecimal address
- 0000.0aXX.XXXX: the first 24 bits are the manufacturer code assigned by the IEEE
- 0000.0aXX.XXXX: the second 24 bits identify the specific interface and are assigned by the manufacturer
- FFFF.FFFF.FFFF: broadcast address

Once the CAM table on the switch is full, ARP request traffic floods every port of the switch. At that point the switch basically behaves like a hub. The attack works by filling the switch's CAM table.

A DHCP server maintains TCP/IP configuration information in a database, such as TCP/IP configuration parameters and valid IP addresses. It provides the configured addresses to client machines for the duration of the lease.

The attacker sends discovery packets to find the DHCP server and its address pool, and then tries to lease every IP address in that pool. This is a denial-of-service attack carried out by leasing all of the addresses the DHCP server can hand out.

The attacker impersonates a DHCP server on the same network segment and hands out addresses to users.

By impersonating the DHCP server, the attacker can send incorrect TCP/IP configuration information:
- Default gateway: a fake default gateway
- IP address: a fake IP address

Countermeasures:
- Enable port security to prevent DHCP starvation attacks.
- Enable DHCP snooping to prevent DHCP spoofing; the switch then classifies its ports as trusted or untrusted.

ARP packets can be forged so that data is sent to the attacker's machine.

Finally, once the ARP table is full, the switch operates in forwarding mode, and the attacker can then easily sniff all activity on the network.

ARP spoofing involves constructing a large number of forged ARP requests and continuously sent ARP replies, which overloads the switch.

The attacker floods the target machine's ARP cache with forged ARP entries; this method is also called poisoning.

How ARP spoofing works:
- When user A wants to establish a session with user B, an ARP request is broadcast to the whole network segment, and user A waits for a reply from user B.
- User B answers with a genuine ARP reply.
- The switch broadcasts the ARP traffic on the wire.
- The attacker listens to the ARP request and ARP reply packets and pretends to be the legitimate user.
- After capturing the ARP request and ARP reply, the attacker can forge user B's ARP reply and send it to user A.

Forging ARP packets lets the attacker redirect all communication between the two machines, so that all traffic is sent through the attacker's machine.

- Denial-of-service attacks
- Theft of data
- Eavesdropping on calls
- Theft of passwords
- Manipulation of data
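
Added example (not part of the original slides): a small monitor that applies the idea behind static ARP entries to captured traffic, flagging any ARP frame whose sender IP-to-MAC claim conflicts with a binding already known. The function names, the 192.0.2.x addresses and the locally administered MAC addresses are constructed for this illustration.

```python
import socket
import struct

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, eth_src) for Ethernet/IPv4 ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (oper, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32]),
            frame[6:12].hex(":"))

def detect_arp_spoofing(frames, static_bindings=None):
    """Return (frame_index, ip, reason) for every ARP claim that conflicts with a binding."""
    table = dict(static_bindings or {})    # ip -> mac; static entries are never overwritten
    alerts = []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _oper, smac, sip, eth_src = parsed
        if smac != eth_src:
            alerts.append((n, sip, "ARP sender MAC differs from Ethernet source"))
        known = table.get(sip)
        if known is None:
            table[sip] = smac              # first claim seen becomes the reference
        elif known != smac:
            alerts.append((n, sip, f"binding changed {known} -> {smac}"))
    return alerts

# Constructed sample frames (hex): A broadcasts a request for B, B replies,
# then a third host sends a reply claiming B's IP address.
SAMPLE = [
    bytes.fromhex("ffffffffffff 02000000000a 0806 0001 0800 06 04 0001 "
                  "02000000000a c000020a 000000000000 c0000214"),
    bytes.fromhex("02000000000a 02000000000b 0806 0001 0800 06 04 0002 "
                  "02000000000b c0000214 02000000000a c000020a"),
    bytes.fromhex("02000000000a 020000000066 0806 0001 0800 06 04 0002 "
                  "020000000066 c0000214 02000000000a c000020a"),
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

Seeding static_bindings with the known gateway and server addresses makes the monitor alert on the first forged reply rather than trusting whichever claim arrives first.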

DNS poisoning is a technique that tricks a DNS server into believing it has received genuine, authenticated information when in reality that information does not exist. As a result, the domain name points to a fake IP address, which the DNS server believes is real, instead of pointing to the real IP address.

In this technique, you must be connected to the LAN on which the packets can be sniffed. It works well in switched environments when combined with ARP poisoning.

With this technique the attacker can install a trojan on the victim's machine, and the trojan changes the victim's DNS IP address to the attacker's machine.

The attacker sends a trojan to the victim's machine, and the trojan changes the proxy server setting in the victim's web browser.

Countermeasures:
- Resolve all DNS queries to the local DNS server.
- Block DNS queries from external servers.
- Configure the DNS resolver to use a random source port from the available port range for each query.
- Restrict DNS services and assign user permissions.
- Implement DNSSEC.
- Configure the firewall to restrict DNS queries from outside.
- Use NXDOMAIN.

By placing a packet sniffer in the network, an attacker can capture and analyze all network traffic.

An attacker can sniff authentication information such as email, chat conversations, passwords and web traffic.

There are two types of sniffing, active and passive. Passive sniffing refers to sniffing in a hub environment, while active sniffing refers to a switched environment.

Sniffing operates at the Data Link layer of the OSI model and is not governed by the same rules as the application layer.

An attacker can carry out MAC attacks, DHCP attacks, ARP poisoning, spoofing attacks, DNS poisoning and network sniffing.

Countermeasures include: setting static IP and ARP entries, using encrypted sessions such as SSH instead of Telnet, using SCP instead of FTP, and using SSL to transfer data.