Scribd Logo
Upload

Welcome to Scribd!

  • Smurf Attack

    Uploaded by

    Mi Pha Hoang
    202 views5 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    202 views5 pages

    Smurf Attack

    Uploaded by

    Mi Pha Hoang

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Smurf Attack y c l l kiu tn cng do tc ng ca mng khuch i.

    khi bn gi ping request (ICMP ECHO REQUEST)n mt my tnh hoc mt h thng mng, my tnh or h thng s gi li cho bn ping reply(ICMP ECHO REPLY), da vo iu ny k tn cng s gi mo a ch IP ngun l nn nhn v gi cc packet n mng khuch i ,lc mng khuch i s gi cc packet tr li nh th cho nn nhn ( v k tn cng gi mo a ch IP l nn nhn ) ping request -attacker - --------------> - mng khuch i----------->victim IP spoofing ping reply Smurf attack tn dng directed broadcast v yu cu ti thiu l 3 yu t - attacker - victim - mng khuch i ( cng ln th victim cht cng nhanh ) Smurf Attack l mt trong cc hnh thc tn cng kiu DDoS, y l hnh thc tn cng c bn nht, n da trn li thiu cn thn trong chnh sch bo mt trn Router ca ngi qun tr. C th, l li khng tt ch Directed Broadcast trn Router. Nh Cuty gi nh : Nguyn vn bi Cuty Gi s Hacker mun tn cng pc 192.168.1.10 (tm gi l victim) 1. Hacker gi ping n 192.168.1.255, nhng gi mo a ch IP source l 192.168.1.10 (victim) 2. 254 PC trong mng LAN s gi ICMP reply tr li n a ch IP ca victim (192.168.1.10) --> Victim s b tn cng DoS. Hacker ngoi mng 192.168.1.0/24 mun tn cng my 192.168.1.10, th ch vic gi s lng ln gi Ping ( Source Spoofing thnh 192.168.1.10) n Router ca mng vi IP ch l 192.168.1.255, v Router cho php forward cc bn tin Broadcast nn cc gi tin ping c Router chuyn vo mng 192.168.1.0/24 v i ti tt c cc PC trong mng . Tt c cc PC trong mng s gi cc gi reply tr li li ng vi mi gi ping m n nhn c. Gi s : trong mng c 100 my (khng k my 192.168.1.10) th ng vi 1 gi tin Ping ca Hacker thi s c ti 100 gi reply gi n 192.168.1.10. Nu Hacker gi lun 100 gi Ping th nhn ln s c n 10.000 gi reply gi n 192.168.1.10 trong mt thi gian ngn. Nh vy, my 192.168.1.10 cht sc ri cn g

    V Hacker tn dng tt c cc my trong cng mng vi 192.168.1.10 tn cng n nn y l DDoS Attack. chng li : nh chnh bosshungyen ni ri, ch vic tt ci chc nng Directed

    Broadcast trn Router i l OK. Khi Hacker c gi thoi mi Ping th Router cng khng forward i -> OK ri ch ! Ping of Death Mt s my tnh s ngng hot ng, reboot hoc b crash khi gi gi data ping vi kch thc ln n chng. V d: C:\ > ping -l 655540 Teardrop Tt c cc d liu chuyn i trn mng t h thng ngun n h thng ch u phi tri qua 2 qu trnh sau: d liu s c chia ra thnh cc mnh nh h thng ngun, mi mnh u phi c mt gi tr offset nht nh xc nh v tr ca mnh trong gi d liu c chuyn i. Khi cc mnh ny n h thng ch, h thng ch s da vo gi tr offset sp xp cc mnh li vi nhau theo th t ng nh ban u. V d, c mt d liu gm 4000 bytes cn c chuyn i, gi s rng 4000 bytes ny c chia thnh 3 gi nh(packet): packet th nht s mang cc 1bytes d liu t 1 n 1500 packet th hai s mang cc bytes d liu t 1501 n 3000 packet th ba s mang cc bytes d liu cn li, t 3001 n 4000 Khi cc packets ny n ch, h thng ch s da vo offset ca cc gi packets sp xp li cho ng vi th t ban u: packet th nht - > packet th hai - > packet th ba Trong tn cng Teardrop, mt lot gi packets vi gi tr offset chng cho ln nhau c gi n h thng ch. H thng ch s khng th no sp xp li cc packets ny, n khng iu khin c v c th b crash, reboot hoc ngng hot ng nu s lng packets vi gi tr offset chng cho ln nhau qu ln! Hy xem li v d trn, ng ra cc packet c gi n h thng ch c dng nh sau: (1- > 1500 bytes u tin) (1501- > 3000 bytes tip theo) (3001- > 4000 bytes sau cng), trong tn cng Teardrop s c dng khc: (1- > 1500 bytes) (1501- > 3000 bytes) (1001> 4000 bytes). Gi packet th ba c lng d liu sai! SYN Attack Trc ht, bn hy xem li tin trnh bt tay 3 bc ca mt kt ni TCP/IP. Mt client mun kt ni n mt host khc trn mng. Bc 1: client gi mt SYN packet vi s Sequence Number ban u(ISN) n host cn kt ni: client-----SYN packet----- > host

    Bc 2: host s phn hi li client bng mt SYN/ACK packet, ACK ca packet ny c gi tr ng bng ISN ban u do client gi gi n host bc 1 v ch nhn mt ACK packet t client host-----SYN/ACK packet----- > client Bc 3: client phn hi li host bng mt ACK packet client-----ACK packet----- > host Khi host nhn c ACK packet ny th kt ni c thit lp, client vo host c th trao i cc d liu cho nhau. Trong SYN Attack, hacker s gi n h thng ch mt lot SYN packets vi a ch ip ngun khng c thc. H thng ch khi nhn c cc bad SYN packets ny s gi tr li SYN/ACK packet n cc a ch khng c thc ny vo ch nhn c ACK messages t cc a ch ip . V y l cc a ch ip khng c thc, h thng ch s s ch i v ch v cn ni ui cc ``request`` ch i ny no hng i, gy lng ph mt lng ng k b nh trn my ch m ng ra l phi dng vo vic khc thay cho phi ch i ACK messages Tn cng Buffer overflow. - Buffer Overflow xy ra ti bt k thi im no c chng trnh ghi lng thng tin ln hn dung lng ca b nh m trong b nh. - K tn cng c th ghi ln d liu v iu khin chy cc chng trnh v nh cp quyn iu khin ca mt s chng trnh nhm thc thi cc on m nguy him. - Tn cng Buffer Overflow ti trnh by cch khai thc li ny trong bi vit trc v hacking windows cng trn trang - Qu trnh gi mt bc th in t m file nh km di qu 256 k t c th s xy ra qu trnh trn b nh m. ht lun http://bacsimaytinh.edu.vn/forum/showthread.php?3968-Ping-of-Death chung thuc kdc http://www.wattpad.com/4880248-c%C3%A2u-24-43?p=11 Chn p = 7 v q = 11 n = p * q = 77 Tnh e m ha kha: (p-1) (q-1) = 6 * 10 = 60 chn e = 13 (13 v 60 l nhng s nguyn t) Tnh ton gii m key d nh 13 * d = 1 mod 60 d = 37 (37 * 13 = 481

    arp attach Attacker: l my hacker dng tn cng ARP attack IP: 10.0.0.11 Mac: 0000:0000:0111 HostA IP: 10.0.0.09 MAC: 0000:0000:0109 HostB IP: 10.0.0.08 MAC: 0000:0000:0108 Victim: l my b tn cng ARP attack IP: 10.0.0.10 MAC: 0000:0000:0110 Attacker mun thc hin ARP attack i vi my Victim. Attacker mun mi gi tin HostA truyn ti my Victim u c th chp li c xem trm. Lm th no Attacker c th hin c iu ? u tin, HostA mun gi d liu cho Victim. HostA cn phi bit a ch MAC ca Victim lin lc. HostA s gi broadcast ARP Request ti tt c cc my trong cng mng Lan hi xem IP 10.0.0.10 (IP ca Victim) c a ch MAC l bao nhiu. HostB, Attacker, Victim u nhn c gi tin ARP Request, nhng ch c Victim l gi li gi tin ARP Reply li cho HostA. ARP Reply cha thng tin v IP ca Victim, MAC Victim, MAC HostA Sau khi nhn c gi tin ARP Reply t Victim, HostA bit c a ch MAC ca Victim. HostA bt u thc hin lin lc, truyn d liu ti Victim. HostB, Attacker khng th xem ni dung d liu c truyn gia 2 my HostA v Victim Attacker mun xem d liu truyn gia HostA v Victim. Attacker s dng kiu tn cng ARP Spoof. Attacker thc hin gi lin tc ARP Reply cha thng tin v IP Victim, MAC Attacker, MAC HostA. y, thay v l MAC Victim, Attacker i thnh a ch MAC ca mnh. HostA nhn c ARP Reply v ngh l IP Victim 10.0.0.10 s c a ch MAC l 0000:0000:0111 ( MAC ca Attacker). HostA lu thng tin ny vo bng ARP Cache. By gi mi thng tin, d liu HostA gi ti 10.0.0.10 (Victim), Attacker u c th nhn c, Attacker c th xem tan b ni dung HostA gi cho Victim

    Attacker cn c th kim sat tan b qu trnh lin lc gia HostA v Victim thng qua ARP Attack Attacker thng xuyn gi cc gi tin ARP Reply cha a ch IP ca HostA v Victim nhng c a ch MAC l ca Attacker. HostA nhn c gi tin ny th c ngh Victim s c a ch MAC l 0000:0000:0111 (MAC ca Attacker) Victim nhn c gi tin ny th c ngh HostA s c a ch MAC l 0000:0000:0111 (MAC ca Attacker) Mi thng tin trao i gia HostA v Victim, Attacker u c th nhn c. Nh vy l Attacker c th bit c ni dung trao i gia HostA v Victim Sau khi b tn cng ARP attack, s rt nguy him cho ngi dng v mi thng tin trao i ca h u b l, nht l nhng thng tin l quan trng, cn phi gi b mt

    You might also like