Scribd Logo
Upload

Welcome to Scribd!

  • Fools Your Enemy With Mikrotik

    Uploaded by

    Samsul Maulana
    19 views46 pages
    The document discusses how hackers carry out attacks in multiple phases: reconnaissance to gather information, scanning targets to find vulnerabilities, gaining access by exploiting vulnerabilities, maintaining access, and clearing tracks. It also provides examples of hacking tools like Cain & Abel and Kali Linux and notes that cybercrime has become a modern business model offered as a service. Global security incidents in recent years have compromised millions of accounts, and the document questions whether Indonesia is safe given security incidents there involving government and political sites being hacked or DDOS attacked.

    Original Description:

    -

    Original Title

    01. Cara_Melumpuhkan_Hacker_dengan_Mikrotik_sahoobi

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses how hackers carry out attacks in multiple phases: reconnaissance to gather information, scanning targets to find vulnerabilities, gaining access by exploiting vulnerabilities, maintaining access, and clearing tracks. It also provides examples of hacking tools like Cain & Abel and Kali Linux and notes that cybercrime has become a modern business model offered as a service. Global security incidents in recent years have compromised millions of accounts, and the document questions whether Indonesia is safe given security incidents there involving government and political sites being hacked or DDOS attacked.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    19 views46 pages

    Fools Your Enemy With Mikrotik

    Uploaded by

    Samsul Maulana
    The document discusses how hackers carry out attacks in multiple phases: reconnaissance to gather information, scanning targets to find vulnerabilities, gaining access by exploiting vulnerabilities, maintaining access, and clearing tracks. It also provides examples of hacking tools like Cain & Abel and Kali Linux and notes that cybercrime has become a modern business model offered as a service. Global security incidents in recent years have compromised millions of accounts, and the document questions whether Indonesia is safe given security incidents there involving government and political sites being hacked or DDOS attacked.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 46

    o m

    i. c
    o b
    Fools your enemy with Mikrotik

    h o
    a
    BY: DIDIET KUSUMADIHARDJA

    s
    MIKROTIK USER MEETING (MUM) 2016
    JAKARTA, INDONESIA
    14 OCTOBER 2016
    2

    m
    About Me

    Didiet Kusumadihardja
    .i c o
    1. IT Security Specialist

    o b
    o
     PT. Mitra Solusi Telematika

    2. Trainer & IT Consultant

    a h
    s
     Arch Networks

    MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE

    Didiet Kusumadihardja - didiet@arch.web.id


    3

    m
    PT. Mitra Solusi Telematika

    Gedung TMT 2. GF

    .i co
    b
    Jl. Cilandak KKO
    Jakarta

    oo
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    4

    o m
    .i c
    Global
    o b
    o
    IT Security
    Incident
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    5

    m
    Global IT Security Incident 2014

    Entire Network
    .i co
    Canceled

    o b
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    6

    m
    Global IT Security Incident 2015

    .i c o
    3 Tahun di Hack ( 2012 – 2015)

    o b
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    7

    m
    Global IT Security Incident 2016

    .i co
    o b
    ho
    s a 500 Juta Account

    3 Miliar Account ???


    Didiet Kusumadihardja - didiet@arch.web.id
    Source: Tech Times
    8

    o m
    .i c
    Indonesia
    o b
    o
    IT Security
    Incident
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    9

    o m
    .i c
    o b INDONESIA

    o
    IS

    a h SAFE?

    s
    Didiet Kusumadihardja - didiet@arch.web.id
    Source: Akamai
    10

    m
    Indonesia IT Security Incident 2013

    polri.go.id
    .i co
    2013

    o b
    ho
    Deface
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    Motive: Fame?
    11

    m
    Indonesia IT Security Incident 2016

    .i co
    b
    Teman Ahok

    oo
    a h
    DDoS Attack
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    Motive: Politics?
    12

    m
    Indonesia IT Security Incident 2016

    .i co
    Videotron

    o b
    Kebayoran Baru
    ho
    Jakarta Selatan

    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    Motive: Curiosity?
    13

    o m
    .i c IT Security

    o b Trends

    ho Gak Perlu

    s a Pinter Buat
    Hacking
    Didiet Kusumadihardja - didiet@arch.web.id
    Source: Carnegie Mellon University
    14

    m
    Hacking Tools Example

    .i c o
    o b
    ho
    s a Cain & Abel
    Kali Linux
    Didiet Kusumadihardja - didiet@arch.web.id
    15

    o m
    .i cCybercrime as

    o b a Service (CaaS)

    ho
    s a Modern Business

    Didiet Kusumadihardja - didiet@arch.web.id


    Source: SCMagazine
    16

    o m
    .i c
    How Hackers
    o b
    do it?
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    17

    m
    Hacking Phase

    .i c o
    b
    1.Reconnaissance
    2.Scanning

    oo
    3.Gaining Access

    a h
    4.Maintaining Access
    5.Clearing Tracks s
    Didiet Kusumadihardja - didiet@arch.web.id
    Source: Ethical Hacking by EC-Council
    18

    m
    Hacking Phase (Cont’d)

    .i c o
    b
    1.Reconnaissance
    Information Gathering Device Type

    o
    OS Detail Open Port

    2.Scanning

    o
    Application Vulnerability
    Version

    3.Gaining Access

    a h Exploit Vulnerability
    Backdoors

    4.Maintaining Access
    5.Clearing Tracks s
    Didiet Kusumadihardja - didiet@arch.web.id
    Escalate Privilege

    Data harvesting

    Delete/overwrite Event/Logs
    19

    m
    Hacking Phase Analogy

    .i co
    b
    1.Reconnaissance
    2.Scanning

    oo
    3.Gaining Access

    a h
    4.Maintaining Access
    5.Clearing Tracks s
    Didiet Kusumadihardja - didiet@arch.web.id
    20

    m
    When we fools them?

    .i co
    b
    1.Reconnaissance
    2.Scanning

    oo
    3.Gaining Access

    a h
    4.Maintaining Access
    5.Clearing Tracks s
    Didiet Kusumadihardja - didiet@arch.web.id
    21

    m
    Why at Scanning Phase?

    .i co
    b
    TELNET SSH

    oo
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    22

    m
    Scanning Tools

    SoftPerfect Network Scanner

    .i co
    o b
    ho The Dude

    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    23

    o m
    .i c
    How to fools
    o b
    them?
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    24

    m
    Use a bait

    .i co
    o b
    ho
    Hacker

    s a Bait

    Didiet Kusumadihardja - didiet@arch.web.id Honey Pot


    25

    m
    Web Server Example

    .i c o
    = o o b
    a h
    s
    Web Server

    HTTP HTTPS
    Didiet Kusumadihardja - didiet@arch.web.id
    26

    m
    Confuse your enemy

    .i co
    o b
    o
    HTTP HTTPS

    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    27

    m
    Server Farm Network Example

    .i
    SERVER X c o
    o b
    ho
    192.168.1.2  DNS Server
    192.168.1.5  Web Server
    192.168.1.10  DB Server
    192.168.1.15  Mail Server
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    192.168.1.0/24
    28

    m
    Confuse your enemy

    192.168.1.1  Fake Server 1

    .i co
    b
    192.168.1.2  DNS Server
    192.168.1.3  Fake Server 2

    o
    192.168.1.4  Fake Server 3

    o
    192.168.1.5  Web Server
    192.168.1.6  Fake Server 4

    h
    192.168.1.7  Fake Server 5

    a
    192.168.1.8  Fake Server 6
    192.168.1.9  Fake Server 7

    s
    192.168.1.10  DB Server
    192.168.1.11  Fake Server 8
    192.168.1.12  Fake Server 9
    192.168.1.13  Fake Server 10
    192.168.1.14  Fake Server 11
    192.168.1.15  Mail Server 192.168.1.0/24
    Didiet Kusumadihardja - didiet@arch.web.id
    29

    o m
    .i c
    How we do it
    o b
    with Mikrotik?
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    30

    o m
    .i c
    b
    NAT

    o
    (Network Address Translation)

    o
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    31

    o m
    .i c
    b
    Fake NAT
    o
    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    32

    m
    Fake Ports at your Web Server

    .i c o
    b
    HTTP & HTTPS to
    Legitimate Server

    oo
    a h
    s
    Other Ports to
    Fake Server

    Didiet Kusumadihardja - didiet@arch.web.id


    33

    m
    Simple NAT for Web Server

    .i c o
    NAT (Port Mapping)

    INTERNET

    o b
    ho
    ROUTER s
    WEB SERVER
    192.168.2.3
    a
    Didiet Kusumadihardja - didiet@arch.web.id Chain Action
    34

    m
    Add Additional NAT for Bait

    Chain Action

    .i co
    o b
    o
    Web Server

    h
    192.168.2.3 Fake Server

    a
    (Honey Pot)

    s
    192.168.2.4

    Didiet Kusumadihardja - didiet@arch.web.id


    35

    m
    Fake Server at your Server Farm Network

    .i co
    b
    Only one legitimate
    server

    oo
    a h
    s
    Others are Fake Server

    Didiet Kusumadihardja - didiet@arch.web.id


    36

    m
    Another Example

    Chain Action

    .i c o
    o b
    ho Web Server Fake Server

    a
    192.168.2.3 (Honey Pot)

    s
    192.168.2.4

    Didiet Kusumadihardja - didiet@arch.web.id


    37

    m
    Combine with Honey Pot

    .i c o
    o b
    ho
    KFSensor
    s a
    Didiet Kusumadihardja - didiet@arch.web.id Others HoneyPot: Honeyd, Kippo, Dionaea, Nepenthes
    38

    m
    What Hacker See (NMAP)

    .i co
    b
    Nmap / Zenmap

    oo
    a h
    sBefore
    Didiet Kusumadihardja - didiet@arch.web.id
    After
    39

    m
    What Hacker See (SoftPerfect NetScan)

    SoftPerfect Network Scanner

    .i co
    o b
    ho
    s
    Before
    a After
    Didiet Kusumadihardja - didiet@arch.web.id
    40

    m
    I don’t want to use HoneyPot

    Step 1: Chain

    .i co
    b
    Step 2: Action

    oo
    a h
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    41

    m
    What we see, If someone PING

    .i co
    o b
    ho
    s a SRC-MAC ADDRESS
    SRC-IP ADDRESS
    Didiet Kusumadihardja - didiet@arch.web.id
    42

    m
    What we see, If someone NMAP

    .i c o
    o b Mikrotik LOG:

    ho
    s a
    Didiet Kusumadihardja - didiet@arch.web.id
    43

    m
    The Dude, Hotspot & Userman

    .i co
    o b
    ho
    s a
    IP Address  MAC Address  User ID  Person
    Didiet Kusumadihardja - didiet@arch.web.id
    44

    m
    Use Case 1

    .i co
    o b
    ho University

    Internet Café
    (WARNET) s a Insider Threat

    Didiet Kusumadihardja - didiet@arch.web.id


    Office
    45

    m
    Use Case 2

    http://public.honeynet.id

    .i c o
    o b
    ho
    a
    Research

    Analytics
    (Low Interaction Honeypot)
    s
    Didiet Kusumadihardja - didiet@arch.web.id
    For Fun
    Learn hacking method
    from hacker / script kiddies
    (High Interaction Honeypot)
    46

    o m
    DIDIET KUSUMADIHARDJA

    Thank you
    .i c
    .
    o b
    .
    ho
    Question?

    s a didiet@arch.web.id
    http://didiet.arch.web.id/
    https://www.facebook.com/ArchNetID/
    Didiet Kusumadihardja - didiet@arch.web.id

    You might also like