
Group: 1


Instructor: M.Sc. Nguyn Minh Nht
Class: D18TMTB2
Group members:
- Nguyn Vit Lc.
- Trn Thnh Danh.
- Dip Hong Phc.
- Nguyn Tin Dng.
TOPIC: SNIFFER
What is sniffing
Protocol vulnerabilities
Types of attack
- DHCP attacks
- DNS attacks
- ARP attacks

Sniffing is a process that allows a third party to monitor phone calls and internet conversations.
The attacker places a listening device on the network that carries the information, for example between two telephones or between two endpoints on the internet.

Types of sniffing
- Passive: monitors and records all traffic information
- Active: only monitors and records traffic information

A sniffer puts the network card into promiscuous mode and listens to all data transmitted on the network.
A sniffer can read information on a computer through the NIC by decoding the information encapsulated in the packets.

- Telnet, RLogin: keystrokes, including usernames and passwords
- HTTP: data is sent in clear text
- SMTP: passwords and data are sent in clear text
- NNTP: passwords and data are sent in clear text
- POP: passwords and data are sent in clear text
- FTP: passwords and data are sent in clear text
- IMAP: passwords and data are sent in clear text
MAC flooding means flooding the switch with a large number of requests.
A switch has limited memory for mapping MAC addresses to its physical ports.
MAC flooding fills that limited memory by spoofing many different MAC addresses and sending them to the switch.
The switch then behaves like a hub: packets are sent out to every machine in the same network domain, and the attacker can easily sniff them.
The switch's CAM table has a limited size.
It stores information such as the MAC addresses bound to the corresponding switch ports, together with the VLAN parameters.


MAC address format:
- 1258.3582.8DAB: 48-bit hexadecimal
- 0000.0aXX.XXXX: the first 24 bits are the manufacturer code assigned by the IEEE
- 0000.0aXX.XXXX: the second 24 bits are the specific interface, assigned by the manufacturer
- FFFF.FFFF.FFFF: broadcast address
Once the CAM table on the switch is full, ARP request traffic floods every port of the switch.
At this point the switch basically behaves like a hub.
The attack at this point fills the switch's CAM table.


The DHCP server maintains TCP/IP configuration information in a database, such as TCP/IP configuration parameters and valid IP addresses.
It provides the configured addresses to client machines for the duration of the lease.

The attacker sends discovery packets to find the DHCP server and its address scope, and then tries to lease every IP address in that scope.
This is a denial-of-service attack that works by leasing all the addresses the DHCP server can hand out.

The attacker impersonates a DHCP server on the same network domain and hands out addresses to users.

By impersonating the DHCP server, the attacker can send incorrect TCP/IP configuration information:
- Default gateway: a spoofed default gateway
- IP address: a spoofed IP

Enable port security to prevent DHCP starvation attacks.
Enable DHCP snooping to prevent rogue DHCP servers; the switch then classifies its ports as trusted or untrusted.

ARP packets can be spoofed in order to send data to the attacker's machine.

Finally, once the ARP table is full, the switch operates in forwarding mode, and the attacker can then easily sniff all activity on the network.

ARP spoofing involves constructing a large number of forged ARP requests and ARP reply packets that are sent continuously, which overloads the switch.

The attacker floods the target machine's ARP cache with forged ARP entries; this method is also called poisoning.

When user A wants to establish a session with user B, an ARP request is broadcast to the whole network domain, and user A waits for a reply from user B.
User B answers with a genuine ARP reply.
The switch broadcasts the ARP on the wire.
The attacker listens to the ARP request and ARP reply packets and poses as the legitimate user.
After capturing the ARP request and ARP reply, the attacker can forge user B's ARP reply and send it to user A.
Forging ARP packets lets the attacker redirect all communication between two machines, so that all traffic is sent through the attacker's machine.

- Denial-of-service attacks
- Theft of data
- Eavesdropping on calls
- Theft of passwords
- Data manipulation
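
On the wire, the forged ARP reply described above is a packet whose sender IP is already bound to a different MAC, and the static ARP entries the slides recommend give a monitor a pinned table to check against. The following Python code is an added example, not part of the original slides; the function and class names, the addresses and the sample frames are all constructed for illustration.

```python
import struct

def build_arp(op, s_mac, s_ip, t_mac, t_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used only for the samples)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(s_mac) + ip(s_ip) + mac(t_mac) + ip(t_ip))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = payload[8:14], payload[14:18]
    return op, ":".join(f"{b:02x}" for b in sha), ".".join(map(str, spa))

class ArpMonitor:
    """Tracks IP-to-MAC bindings and flags ARP packets that contradict them."""
    def __init__(self, static_bindings=None):
        self.static = dict(static_bindings or {})  # pinned entries, never relearned
        self.learned = {}                          # first-seen dynamic bindings

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return "malformed"
        _op, mac, ip = parsed
        if ip in self.static:
            return "ok" if self.static[ip] == mac else "alert: static binding violated"
        known = self.learned.setdefault(ip, mac)   # learn on first sight
        return "ok" if known == mac else "alert: binding changed"

def run_sample():
    # Constructed sample traffic (documentation addresses, made-up MACs).
    a_mac, a_ip = "aa:aa:aa:aa:aa:01", "192.0.2.10"   # user A
    b_mac, b_ip = "bb:bb:bb:bb:bb:02", "192.0.2.20"   # user B
    x_mac = "cc:cc:cc:cc:cc:03"                       # third host
    mon = ArpMonitor(static_bindings={"192.0.2.1": "dd:dd:dd:dd:dd:04"})
    frames = [
        build_arp(1, a_mac, a_ip, "00:00:00:00:00:00", b_ip),  # A asks for B
        build_arp(2, b_mac, b_ip, a_mac, a_ip),                # genuine reply from B
        build_arp(2, x_mac, b_ip, a_mac, a_ip),                # reply claiming B's IP
        build_arp(2, x_mac, "192.0.2.1", a_mac, a_ip),         # reply claiming pinned IP
        b"\x00\x01",                                           # truncated payload
    ]
    return [mon.observe(f) for f in frames]
```

A changed binding on a learned entry can also be a legitimate DHCP reassignment or NIC replacement, so those alerts need triage; a violation of a pinned entry does not have that excuse.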

This is a technique that tricks a DNS server into believing it has received authentic information when in reality that information does not exist.
As a result, the domain name resolves to a fake IP that the DNS server believes is genuine, instead of the real IP.
This technique requires a connection to the LAN on which the packets can be sniffed.
It works well in switched environments together with ARP poisoning.

With this technique the attacker can install a trojan on the victim's machine, and the trojan changes the victim's DNS server IP to the attacker's machine.

The attacker sends a trojan to the victim's machine, and the trojan changes the proxy server setting in the victim's web browser.
Resolve all DNS queries through the local DNS server
Block DNS queries from external servers
Configure the DNS resolver to use a random source port from the available port range for each query
Restrict DNS services and assign user permissions
Implement DNSSEC
Configure the firewall to restrict DNS queries from outside
Use NXDOMAIN
By placing a packet sniffer on the network, the attacker can capture and analyse all network traffic.

The attacker can sniff credential information such as email, chat conversations, passwords and web traffic.

Sniffing comes in two types, active and passive. Passive sniffing refers to sniffing in a hub environment, while active sniffing refers to a switched environment.
Sniffing operates at the Data Link layer of the OSI model and is not governed by the same rules as the application layer.

To sniff a network, the attacker can use MAC attacks, DHCP attacks, ARP poisoning, spoofing attacks and DNS poisoning.

Countermeasures include: setting static IP and ARP entries, using encrypted sessions such as SSH instead of Telnet, using SCP instead of FTP, and using SSL to transfer data.
