Mrejovi atakiGodishnikDTK
,
.
2
.
TCP/IP , .
I.
1. VLAN
VLANs (Virtual Local Area Network) ,
,
. ,
VLAN .
.
VLAN , . ,
, ,
DTP (Dynamic Trunking Protocol). ,
trunk . Trunk
(),
VLAN-. 802.1Q .
,
DTP ( 5 , - ).
DTP
On
trunk.
Off
(access port)
trunk.
Auto
.
trunk, trunk.
Desirable
auto, ,
, trunk.
DTP
Nonegotiate DTP
trunk. .
trunk VLAN-. 802.1Q ,
DTP, Ethernet
VLAN
( - QoS ,
).
trunk. trunk , 802.1Q
, CRC
. [1]
VLAN VLAN
DTP. DTP ,
,
. DTP , , ,
trunk.
, trunk,
trunk .
1:
Figure 1: VLAN
. ,
trunks, access .
DTP , ,
. Cisco Catalyst
:
access:
Switch(config-if)#switchport mode access
trunk:
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#switchport trunk allowed vlan [vlan range]
DTP trunk
. VLAN-
trunk . [2]
Spanning-tree
Spanning Tree Protocol (STP) ,
[3].
-
. STP
. BPDU
(Bridge Protocol Data Unit) . BPDU
, bridge ID (
+ MAC ). - bridge ID
(root bridge).
, ,
, (
- , MAC
). .
, BPDU
, ,
(3-50
). [1]
STP
. BPDU
, ,
, - bridge ID,
, STP .
,
, .
BPDU Guard
Cisco Catalyst . BPDU Guard
PortFast ( ,
, ).
BPDU , .
:
Switch(config)#spanning-tree portfast bpduguard
2 ARP
, .
( MAC ).
ARP
IP MAC .
4. VTP
VLAN Trunking Protocol (VTP) ,
.
VLAN- .
, ,
(VTP domain).
VTP Transparent
(), Server () Client (). , VLAN
,
,
. - VLAN
, .. configuration revision number.
. [1]
,
,
. VLAN 1
, VLAN- .
VLAN,
trunk .
:
1) VTP ( ) -
VLAN
:
Switch#vlan database
Switch(vlan)#vtp transparent
Switch(vlan)#vlan 2 name TU-Sofia
2) , VTP
vtp , ,
:
Switch(vlan)#vtp password tu-s0fia
5. ,
II.
,
.
.
1. ,
. - : (Telnet,
SSH); ; SNMP (Simple Network
Management Protocol); , HTTP (
HTTPS secure HTTP).
HTTP . ,
80 , .
, - Cisco ,
.
, ,
,
.
:
http://ip address/level/99/exec/show/config
3.
3
. MD5
( enable password, service password-encryption) .
MD5 , , Cisco (
- IOS) MD5 ,
. ,
, Boson GetPass! 4
:
Figure 4: Boson GetPass
, HTTP:
Router(config)#no ip http server
, :
Router(config)#access-list 1 permit host 10.0.0.5
Router(config)#ip http access-class 1
Telnet , .
, . [1] [4]
2. ,
- (RIP v1)
,
. ,
. ,
(route poisoning) RIP v1
5:
Figure 5: route poisoning
. RIP v2 :
- (key-chain)
:
Router(config)#key chain MYCHAIN
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string cisco
-
, RIP MD5 :
Router(config)#interface fastethernet 0/0
Router(config-if)#ip rip authentication key-chain MYCHAIN
Router(config-if)#ip rip authentication mode MD5
Router(config)#interface serial 0/0
Router(config-if)#ip rip authentication key-chain MYCHAIN
Router(config-if)#ip rip authentication mode MD5
- IP
spoofing.
III. DoS
DoS (Denial of Service) ,
.
,
,
(drop).
.
,
. - DoS
TCP . ICMP UDP .
, ,
.
DoS [3] [5]:
-
TCP SYN ;
Land.c ;
Smurf .
1. TCP SYN
TCP
(TCP three-way handshake). TCP
, 6:
Figure 6: Three-way handshake
.
SYN ()
TCP ,
. SYN ISN (initial sequence numbers)
SYN=1, ACK=0.
, ISN ,
ISN (SYN=1, ACK=1).
, , (ACK
) . .
Figure 7: TCP SYN
TCP SYN (. 7)
(spoofed) SYN
( IP IP spoofing) ,
. ,
SYN-ACK ,
( ACK ) . ..
. SYN ,
,
, .
. SYN -
,
, ,
.
, , , IP
,
.
( )
, .
, ,
.
SYN ,
. :
-
SYN ,
;
SYN
, ..
;
, ,
.
. [3] [15]
SYN
[6]:
-
,
, .
,
.
2. Land.c
DoS .
SYN
.
. -
.
. [5]
3. Smurf
,
. ICMP (Internet
Control Message Protocol) echo-request broadcast ,
.
ICMP (
) 3 . ping
(Windows ICMP ping, Unix, Linux, Cisco IOS, UDP
).
Smurf , ICMP echo-request broadcast
,
. 8 :
Figure 8: Smurf
ICMP echo-reply
. ,
,
(spoofing). , .
Smurf Fraggle , UDP (User Datagram Protocol) ICMP. Fraggle CHARGEN ECHO
, UDP 19 7.
ICMP ping . CHARGEN ECHO,
, ,
. ,
, .
[3] [5]
4.
DDoS (Distributed Denial-of-Service) -
. ,
,
. ,
, . ,
, , ,
, .
, .
. ,
( -
) .
(
), .
9 :
Figure 9: DDoS
5. (Session Hijacking)
(Session Hijacking),
[5]. -
TCP ,
.
, . ip
spoofing-a, , ,
.
.
,
,
( ).
,
.
:
-
, .
. ,
(.10).
(ISN Initial Sequence Number),
.
DoS , ,
(. 11).
10
11
:
-
- .
.
.
.
Cisco Switch Port
Analyzer (SPAN) .
VLAN- SPAN .
SPAN
. Linux MACOF
,
, HUB (
Cisco ).
, .
(seq ack) . :
-
, ;
seq ack .
DoS ;
- seq ack .
32 TCP ( 1 4 294 967 295; 0 ). ,
TCP .
RFC 793 seq 4
.
. BSD Linux
128,000 (
9:32 ). , seq ,
TCP ,
. TCP 12:
Figure 12: TCP
,
.
Figure 13: Datapool
,
(). ,
192.168.10.10,
- 192.168.10.9 :
Figure 14: Jolt2
- P : , (ICMP, UDP)
- p :
- n : ,
- d :
Figure 15: Hgod
,
192.168.10.10 80 (
HTTP), 192.168.10.9, :
Hgod 192.168.10.10 80 s 192.168.10.9
:
[1]
[2]
[3]
[4]
Frahim J., Cisco ASA All-in-One Firewall, IPS and VPN Adaptive Security Appliance, Cisco Press, 2005
[5]
[6]
, ,
, , , 2005 .
[7]
: google.com, en.wikipedia.org