Attack the [own] Network so you'll survive

y3dips@REMOVEUPPERCASEecho.or.id   UNAS, 27 December 2008
Transcript of "Attack the (Own) Network so You'll Survive"

  1. Attack the [own] Network so you'll survive
     y3dips@REMOVEUPPERCASEecho.or.id, UNAS, 27 December 2008
  2. Who Am I
     ● Founder echo.or.id, e-rdc.org, ubuntulinux.or.id
     ● A Bandwidth hunter
     ● Security TroubleMaker since 2000
     ● Not a Celebrity
     ● y3dips@REMOVEUPPERCASEecho.or.id
  3. Network?
     ● So, what is Network?
     ● A collection of host computers together with the subnetwork or internetwork through which they can exchange data.
     ● Internet, very popular term in network
  4. Issue
     ● Spoofing
     ● Sniffing
     ● Tunneling
     ● Denial of Service / Botnets
  5. Why attacking?
     "The best defense is a good offense"
     http://www.answers.com/topic/attack-is-the-best-form-of-defence
  6. Brief History
     ● TCP/IP is more than 30 years old
     ● Created without security considerations, e.g. FTP, TELNET, SMTP, POP3
     ● Weakness lies in the IP layer: no auth and no encryption
  7. Spoofing
     ● Spoof = Masquerade - rfc4949
     ● Is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage - wikipedia
  8. Spoofing Example
     ● IP spoofing, e.g. modify source address
       A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. - iss.net
     ● Combine with DDOS attack
  9. Spoofing Example
     ● ARP Spoofing
     ● Send 'fake' or 'spoofed' ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices (e.g. switches)
     ● Monkey In the Middle Attack with Cain
     ● Cain, ettercap, nemesis, dsniff
  12. Sniffing
     ● "wiretapping"
     ● Capturing and examining the data packets carried on a LAN - rfc4949
     ● Objectives: capture credential data through the network (passwords, files, video, sound, etc.)
     ● Hub (passive) vs. Switch (active)
     ● Wireshark (ethereal), ettercap, tcpdump
     ● MITM, combine with spoofing
  13. Tunneling
     ● Tunnel is a communication channel created in a computer network by encapsulating (i.e., layering) a communication protocol's data packets in (i.e., above) a second protocol that normally would be carried above, or at the same layer as, the first one. - rfc4949
     ● HTTP, SSH, DNS, ICMP
     ● ssh foo@doo -D port
  14. DOS
     ● The prevention of authorized access to a system resource or the delaying of system operations and function - rfc4949
     ● Famous POD, synflood, new attack (actually old, http://it.slashdot.org/article.pl?sid=08/10/01/0127245)
     ● DDOS attack
     ● BotNet
  15. DOS attacker may
     ● Attempt to flood a network, thereby preventing legitimate network traffic
     ● Attempt to disrupt connections between two machines, thereby preventing access to a service
     ● Attempt to prevent a particular individual from accessing a service
     ● Attempt to disrupt service to a specific system or person
  18. Survive
     "Security is a process, not a product"
  19. Survive (cont'd)
     ● Firewall, IDS, IPS are just tools
     ● Educate the user
     ● Implement the best policy
     ● Regularly audit
  20. Thanks All. Q&A?
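
An added example, not part of the original slides: the false MAC addresses described on the ARP spoofing slide can be caught during a regular audit by checking every ARP frame against the first IP-to-MAC binding seen. The frame builder, the addresses and the first-seen-is-trusted policy are assumptions made for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return frame[6:12].hex(":"), frame[22:28].hex(":"), sender_ip

def audit(frames):
    """Flag ARP frames whose claims conflict with the first binding seen for an IP."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue                                         # not ARP, ignore
        eth_src, sender_mac, sender_ip = parsed
        if sender_mac != eth_src:                            # ARP payload disagrees with the frame header
            alerts.append((n, "mac-mismatch", sender_ip, sender_mac))
        known = bindings.setdefault(sender_ip, sender_mac)   # assumption: first binding seen is trusted
        if known != sender_mac:
            alerts.append((n, "binding-changed", sender_ip, sender_mac))
    return alerts

def make_frame(eth_src, op, sender_mac, sender_ip, target_ip="192.0.2.10"):
    """Build a constructed 42-byte ARP frame in memory for the sample capture (nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac(sender_mac) + ip(sender_ip) + bytes(6) + ip(target_ip))
    return b"\xff" * 6 + mac(eth_src) + b"\x08\x06" + arp

# Constructed sample capture (documentation addresses, locally administered MACs).
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:20", "02:00:00:00:00:66"
SAMPLE = [
    make_frame(GW, 2, GW, "192.0.2.1"),        # gateway announces itself
    make_frame(HOST, 1, HOST, "192.0.2.20"),   # ordinary request from a host
    make_frame(OTHER, 2, OTHER, "192.0.2.1"),  # a different MAC now claims the gateway IP
    make_frame(OTHER, 2, GW, "192.0.2.1"),     # payload MAC differs from Ethernet source
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

Legitimate events such as a replaced network card or gateway failover also change bindings, so alerts of this kind need to be checked against known changes before being treated as an attack.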