Downloaded 21 times
![c)¸Øóè-ô̸Ø
• ô̸Ø8]§kæÁæéз뙆
ý¿ÐL·
• lYô̸Ø,
– ý (Masquerade)
– g(Replay)
– ù·(Message Modification)
– œ(Denial of Service)](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-7-320.jpg)
![c)¸Øóè-—̸Ø
• —̸Ø8]§k(¢,)_{Ã*Y
À_Æd (J(JÁI«™†·f
• lY—̸Ø,
– ÿÓ(Eavesdropping)
– ·Ã±(Traffic Analysis)](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-8-320.jpg)
![±s̜ٸØ
• ±s̜ٸØH‰DDoS
– ®±sY¸ØÙÌdL¥c)jDï
DoS¸ØYôÚÛï¸Ød¯õÛœ«
*[}Ž
t]ç¸ØYfzd¿ÓÁÙ
ûU#7d ¬çÌ,Mld6f](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-17-320.jpg)
![DDoS ¸Øj¡
]§(1Ç
DaemonûÌ client
daemon
¸Øk
client daemon
daemon
a”ôÚ
daemon
client ICMP
Echoreply
Packets
daemon
Internet ôÚ](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-18-320.jpg)
![døÜ8U”¥#ÐJfzJ
broadcastY
• Ä Ä#æ
e]§»Ð]§k#ûU
• ¼?ãX(Disk Quota)](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-27-320.jpg)
![Ýõû̱
• ÝõûÌ8U
– ûU—]§J¡”]
– F4k£YØ%
– B8)”üYûÌeÄ —·@YûÌ
– —c)@%
Q
• Ýõóè
– ÃLÇ›è/Nxè/ŸµÏ}è/WÁÂÔè/FTPè
• ôÂgÙÌ
– e‰qæéh1/À@*8ûUÐÐûÌ
®Ã—G”
• ôfY
– ›SôÚeØÿ_e*¸Øe#7c)](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-33-320.jpg)
![¹ÞÚ®Ya#
• Session Hijacking•ÖH‰˜¹ÞÚ® ™
• ¸Øa#j
– …]§k¯4kî]ôÚ(Ó…½©dC
†¹ÞÚ®d+¥,4k'ôÚœY¹Þ•Ùd
]§kYeØ_þ¥,4k~ÃLôÚ†¹d
]§kÀ_4a¥,4kÔÞÞÆÀ_Y
‚Uf
• Kra”õ1998Ë11ÜÜ3YHuntd ”Þ
“daemon9”Ü3Yjuggernautdid6Session
Hijacking](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-42-320.jpg)
![Ô¸Ø (Replay Attack)
• a#j
– ¸ØkõÿÓc)d_(¾}Y·ÃPÙÂÔ
Y¯ÇÃd˜© Ôµ…¯ÇÃøÿ½TH
$Þ–LY4kdø:QÀ_ûUY]§f
Yf
• Áj
– –L£›®0õÞÖÛœS
– ®ÆP£ÇYÄŒÌX›](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-48-320.jpg)
![àP (Buffer Overflow)
• £¯ûÌ•Ô
SY¾³ï
Í7:
#include stdio.h
ìt@4Ô
#include string.h
ˆ#YØŽÛd void func(char *p)
func(char
16¿ÓÔWY {
char buffer1[10];
buffer1[10];
àPYK strcpy(buffer1,
strcpy(buffer1, p);
1f printf(buffer1);
printf(buffer1); }
Int main (int argc, char *argv[])
main(int argc, *argv [])
{
func(
func(“I am the law in the network”);
network”
return 0; }](https://image.slidesharecdn.com/random-110331094020-phpapp01/85/slide-50-320.jpg)
Uploaded byDavid Liao
網路攻擊技術分析
The document discusses various types of cyber attacks including denial of service attacks, man-in-the-middle attacks, password cracking attacks, and social engineering attacks. Specific attack methods covered include TCP SYN floods, Smurf attacks, password brute force, and dictionary attacks. Defense strategies proposed include ingress filtering, disk quotas, firewalls, and intrusion detection systems.
網路攻擊技術分析
- 1.
- 2.
- 3. ï[c)¸ØYaª • B • œRz •  • H[ž€ • µÈ • _”…;B
- 4. c)¸ØfY • ÿ_Øe´ • NxØeûUd4eØÌ,Ml6* • F*
- 5. • ˆ4b • 8œ? • A7ªo
- 6.
- 7. c)¸Øóè-ôÌ¸Ø • ô̸Ø8]§kæÁæéз뙆 ý¿ÐL· • lYô̸Ø, – ý (Masquerade) – g(Replay) – ù·(Message Modification) – œ(Denial of Service)
- 8. c)¸Øóè-—Ì¸Ø • —̸Ø8]§k(¢,)_{Ã*Y À_Æd (J(JÁI«™†·f • lY—̸Ø, – ÿÓ(Eavesdropping) – ·Ã±(Traffic Analysis)
- 9. c)¸Øtû 1ØŽ« 8 Xǽ 2fz§: 3®ÃPž 7m˜ 6†Nx 4_{‹ÉÆ 5dÆ
- 10.
- 11. lc)¸ØÙ,-œÙ • œÙ¸Ø – TCP SYN (SYN flood) – Smurf ¸Ø – Ping of Death – LAND Attack – Teardrop ¸Ø
- 12. lc)¸ØÙ,-FûÌ • eØ7m • @%(Worm) • ÝõûÌ
- 13. lc)¸ØÙ,-Iü • ¹Ÿ=§: • WÁ¸Ø • ¹ÞÚ® (Session Hijacking) • Ô¸Ø (Replay Attack) • àP (Buffer Overflow) • ÿÓ (SniffingeEavesdropping) • _tˆû (Social Engineering) • دÁ (SQL Injection)
- 14. ©3jc)¸ØÙ,¿#7Á œÙ¸Ø
- 15. œÙ¸Ø (1/2) • œÙ¸ØDoS (Deny of Service) – J8;c)ûUUÞ(¾³dˆ#œd –1)d jűc)ûU´Ðk´ë ·¦X›¯£Ð¼*jY xdÀ@}Ž òW«Y ÂÔd:Q4—¸ØYôÚÐc gÌ,ˆ#dø碵Ml¹jcgY ÒdÇ—œ¯.d¹”jôÚÐcgi ÐkJ¬ûÌÌ,ˆ#Y7.K1¿ÓûU …ÚdÌ,d6f
- 16. œÙ¸Ø (2/2) • lY¸ØÙÌ – Smurf – TCP DoS: Land ¸ØeTeardrop¸ØeTCP SYN ¸Ø – UDP Flood DoS – ICMP DoS
- 17. ±sÌœÙ¸Ø • ±s̜ٸØH‰DDoS –®±sY¸ØÙÌdL¥c)jDï DoS¸ØYôÚÛï¸Ød¯õÛœ« *[}Ž t]ç¸ØYfzd¿ÓÁÙ ûU#7d ¬çÌ,Mld6f
- 18. DDoS ¸Øj¡ ]§(1Ç DaemonûÌ client daemon ¸Øk client daemon daemon a”ôÚ daemon client ICMP Echoreply Packets daemon Internet ôÚ
- 19. TCP SYN (SYNflood) (1/2) • ¸Øa#j – J;Âi4X›(TCP)m¹ÞÃ@ê¾@g£ te(three way handshake)Yx›ÚSþ£f HOST HOST A B Send SYN Receive SYN (seq=x) seq=x) (seq=x) seq=x) Send SYN Receive SYN (seq=y, seq=y, (seq=y, seq=y, ACK=x+1) ACK=x+1) Receive ACK Receive ACK (ack=y+1) ack=y+1) (ack=y+1) ack=y+1)
- 20. TCP SYN (SYNflood) (2/2) • ¸ØÙÌj – æÁ¸ØfzÔS¹HÞÿY8UgYSYN f – a¸ØYûU6Z J×QACK«ÐYSYN r Àõ•dQ×QÁÙYACK«ÐÐt@C‚ Ûœ‘Eðf – ûU6ª‰×”QACK«Ðdþ4{•9 rÀYSYN þÌ,Žˆ#I44kYËf
- 21. Smurf ¸Ø (1/2) •a#j – ICMP(Internet Control Message Protocol) ø1Ôc)Âi‹1qy¬Ã¹dø:Ùc)¾ LYeØJIÞ«Ðf – :ÙÙÌ • ÁôÚgÂÔICMP echo request packet. • ðôÚ×QÛd·l6«ÐICMP echo reply packet. • ·lµH@ûJ_SH“ping”vÿ8:Ó – ªädøûÌ8;IP ProtocolÂÔ}Žping message Internetj¢µ(Úœd¿Ó}Ž Reply message¿Óc)t·Y#7f
- 22. Smurf ¸Ø (2/2) •Smurf Dos Y¸ØÙÌj – }Ž*[ÿ¿YICMP echo Request – Zÿ¿Y Ô?ggdÍ?gg6 «}ŽYicmp«Ð fzeØf¿Ó» µ4pYICMP echo reply «ç¸ØY fzf – Í7jping -s 30000 192.168.30.255 • µGÙÌHÞó}YÖdÔøf—H‰ ó}è smurf ¸Øf
- 23. Ping of Death •a# – ˜Ping of Death™J¾_ïÔ@}Y ping Ë (ICMP echo request) dø¿ÓàP (Overflow)d1þ¬çÌ,Ml6*Ð…Úf
- 24. LAND Attack • ¸Øk;IP ý Y¦”L·CZÔY dZI8U~fY IP gi·ÓJfzÚ œY IP gdø¿Z8U~fz¹Ÿ=p· ‰Suf • äG¸ØøÿT,*8ûUÐc)£ê…Ú Ì,Ml6* From : 60.44.35.11:23 TO: 64.44.35.11:23 fzÚœ 8U~fYYIPß´ 60.44.35.11 ¸Øk 8U~fYY¹Ÿ=´ Port 23 Open Crash 211.3.56.22
- 25. Teardrop ¸Øa# • a#j;IP Y x†¸Øf • ¸ØÙ,j – ïÔS¾$9£@Y êlQfzeØdµ S êl ^Y ÌYE=dµ4{µ Óa8YIP Ûd¬çc)ôÚ¬: }ƒd¿ÓûU…Ú$e Ml˜êl .l˜êl
- 26.
- 27. døÜ8U”¥#ÐJfzJ broadcastY •Ä Ä#æ e]§»Ð]§k#ûU • ¼?ãX(Disk Quota)
- 28.
- 29. ©3jc)¸ØÙ,¿#7Á FûÌ
- 30. eØ7m • Þ”YeØûÌ(FûÌ) –B•mYûÌ(¯$›‹1hï*(½jÚ‚ªo) • Gó – šÚèeæéèe6«èe$~1èePiè – G7m • ¯ÙÌ – T[¯$›ÐûÌd7: .exe, .dll, .htm, .vbs, .js • ÂÈÄ° – e‰eFTPec)yLeInternet c+íŽ • fY – NxØe›SôÚe#7c)e*¸Ø
- 31. @% (Worm) • ~7m¢ló'YF ûÌd(J(”êT ôûÌ1”Ù ¡ ‰ • @%6ƒ8eØ UeL·ûU£›Ð¬ çûUÌ,6*f
- 32. Ýõû̧W • WÝõûÌ –a¤$~zÝõefH˜ûÌf – ¯Internetjd“$~zÝõ”·8S,ûÌ£[p¯ I}c)jh1YÐûÌ•d£ ^Yø› SÒYeØûUYûÌd¿ÓÒYûUØ .ƒe—NxŸôÚ#7YFYÃLÇ›ûÌf – Client (›SL) / Server (—›SL) Vôf – ?I$D • ý • =8Y¯‰ • ”¢?Ÿdp(”ô QIüÖ • d6‘ÒÐÒL=
- 33. Ýõû̱ • ÝõûÌ8U – ûU—]§J¡”] – F4k£YØ% – B8)”üYûÌeÄ —·@YûÌ – —c)@% Q • Ýõóè – ÃLÇ›è/Nxè/ŸµÏ}è/WÁÂÔè/FTPè • ôÂgÙÌ – e‰qæéh1/À@*8ûUÐÐûÌ ®Ã—G” • ôfY – ›SôÚeØÿ_e*¸Øe#7c)
- 34. FûÌYÁ • Ä #m´ •Ä Ýõû̧:œ • –?»-#m´eÝõû̧:œYØ«
- 35. ©3jc)¸ØÙ,¿#7Á ¹Ÿ=§:
- 36. ¹Ÿ=§: • TCP/IP X›d6 65536 H¹Ÿ=d*‰Á. ¹ŸYLà – TCP ~ UDP port • ¹Ÿ=§:Yôf®¯õ» fzeØûU Ôš¼Y¹Ÿ=d†þ±IÞd6,c) ø¿4JnõSG*8ûU. A Port Scan B Port 1000,2000,3000.... ¸Ø
- 37. ¹Ÿ=§:YÁ • þ”ê4YÐûÌ • 4)_œÀ_›Sö e#æ eþ## œ£›À_›SÚS • 4IDSÆ9¹Ÿ=§:z • EðЯ*8ûUÐJÐûÌYÆ9¾î (banner) • ºtл-‰»ÄŒY*8ûUeÐûÌe ·ÃX›
- 38. ©3jc)¸ØÙ,¿#7Á WÁ¸Ø
- 39. WÁ¸Ø • vbN (Brute-forceattack) – À@”Ù“ »¢G¥,¿©Y¥QM ½‰ßY¸ØÙ, • ¿J¸Ø (Dictionary-Based attack) – ;lYWÁq¿d”Ù®· ¥SQN WÁ‰ß y¬!! A y¬!! B nîeWÁ
- 40. WÁ¸ØYÁ • £›SHvxYWÁaÆþµHaÆ« ^ ½hY£›: – ¼ OÌWÁ» – ¼WÁðõ—» – ¼WÁð—4‚» – ¼WÁy¬A›»
- 41. ©3jc)¸ØÙ,¿#7Á ¹ÞÚ®
- 42. ¹ÞÚ®Ya# • Session Hijacking•ÖH‰˜¹ÞÚ®™ • ¸Øa#j – …]§k¯4kî]ôÚ(Ó…½©dC †¹ÞÚ®d+¥,4k'ôÚœY¹Þ•Ùd ]§kYeØ_þ¥,4k~ÃLôÚ†¹d ]§kÀ_4a¥,4kÔÞÞÆÀ_Y ‚Uf • Kra”õ1998Ë11ÜÜ3YHuntd ”Þ “daemon9”Ü3Yjuggernautdid6Session Hijacking
- 43.
- 44. Session Hijacking YÁ •D4Þd6ëLÌ…Ç(mutual authentication)
- 45. YX›7½IPSECeSSH dø·ÃœYÄŒ. ÃLôÚ IPSEC / SSH Ú®Ó
- 46. A B ¸Ø0»
- 47. ©3jc)¸ØÙ,¿#7Á Ô¸Ø (Replay Attack)
- 48. Ô¸Ø (Replay Attack) •a#j – ¸ØkõÿÓc)d_(¾}Y·ÃPÙÂÔ Y¯ÇÃd˜© Ôµ…¯ÇÃøÿ½TH $Þ–LY4kdø:QÀ_ûUY]§f Yf • Áj – –L£›®0õÞÖÛœS – ®ÆP£ÇYÄŒÌX›
- 49. ©3jc)¸ØÙ,¿#7Á àP(BufferOverflow)
- 50. àP (Buffer Overflow) •£¯ûÌ•Ô SY¾³ï Í7: #include stdio.h ìt@4Ô #include string.h ˆ#YØŽÛd void func(char *p) func(char 16¿ÓÔWY { char buffer1[10]; buffer1[10]; àPYK strcpy(buffer1, strcpy(buffer1, p); 1f printf(buffer1); printf(buffer1); } Int main (int argc, char *argv[]) main(int argc, *argv []) { func( func(“I am the law in the network”); network” return 0; }
- 51. àP˜ÄŒB¤ • Póè –I®(local buffer overflow) – ÃL(remote buffer overflow) • ÄŒB¤ – ‘c)ÿ_Ø – †*Ì¸Ø • #7Á – –?»-~Ä LMæ(patches) – ’5Ä ~4J¾» Ьƴ
- 52.
- 53. ÿÓ • ÿÓJl—4Y—̸Ø, –Ú (èV±«™ – N÷WÌØ • SnifferBÛ6ZTÄc)£›Ó‡Úˆ# |Ì(Promiscuous Mode), p1J”‚ Y@é • ªÐÁj – 4switch _þ hub – 4ÄŒYX›ÐJ