DoS Attacks and How to Defend Against Them (TẤN CÔNG DoS VÀ CÁCH PHÒNG CHỐNG.pdf)


GVHD (supervising lecturer):

SVTH (students): 1. MSSV (student ID): 0951150005

2. CNG MSSV (student ID): 0951150006

Ho Chi Minh City, the 20th

group ...

... how to defend against them.

TOPIC: DOS ATTACK

PART I: OVERVIEW OF ATTACKS

Page

I. Attacks ... 4

II. ... attacks

III. ... 7

PART II:

I. What is a DoS attack? 12

II. Types of DoS attack 14

III. ... 23

PART III: ... DOS

I. ... DoS 27

II. ...

III. ... 34

PART IV: ... DOS

PART I: OVERVIEW OF ATTACKS

I. ATTACKS

1. Security incidents ...

VietNamNet hit by a large DDoS attack ...

http://vietnamnet.vn

"Hacktivism" on the rise

Hacktivism is ...

hacker group ...

http://nhipsongso.tuoitre.vn/Index.aspx?ArticleID=471121&ChannelID=16
http://nhipsongso.tuoitre.vn/Index.aspx?ArticleID=472082&ChannelID=16
2. A company supplying security solutions to the US government is attacked

In January ...

hbgaryfederal.com

...

3. Famous DDoS attacks in history

- ...

- Return to Castle Wolfenstein, Halo, Counter-Strike

- Visa.com

- ... and DDoS.

II. ... ATTACKS

... legal, procedural and security ...

Perhaps for personal motives, attacks against businesses or individuals ...

attacks are ...

with the aim of attacking for money ...

searching ...

unauthorized use of user accounts and ...

... for the ...

... and greed ...

for financial motives, industrial espionage ...

illegal actions ...

accessing the ... and the ...

actions that exhaust resources and bandwidth.

III. ...

1. "Insiders"

2. ... risks

3. ...

4. ...

5. ...eless access- ...

6. ...

7. ...

8. ... spyware, viruses, trojans...

9. Email ...

10. ...

11. Some ...

12. Groups of weaknesses in security: technology weaknesses, configuration weaknesses and policy weaknesses.

12.1) Technology weaknesses: ... hardware.

12.1.1) TCP/IP weaknesses:

IP ... IP ... IP spoofing, man-in-the-middle and session replay.

12.1.2) Operating System weaknesses:

12.1.3) Network equipment weaknesses:

12.2) Configuration weaknesses: ...

12.2.1) Unsecured user account: The ...

12.2.2) System account with easily guessed password: ...

12.2.3) Misconfigured Internet services:

...

12.2.4) Unsecured default settings in product: It makes ... help ...

12.2.5) Misconfigured Network Equipment:

12.3) Policy weaknesses:

I. INTRODUCTION TO DoS

1. Concept

A Denial of Service attack (tấn công từ chối dịch vụ) is an attack in which ... computers on the Internet are ... to attack a computer ...

A DoS attack is one in which the hacker exhausts the resources of a server (the resource may be bandwidth, CPU, ...), so that the server can no longer answer requests from other machines (the machines of normal users) and may quickly stop working, crash or reboot.

2. Aims of a DoS attack

Try to seize network bandwidth and flood the network, so that the network can no longer provide other services to normal users.

Try to break the connection between two machines, blocking access to a service.

Try to block specific users from a given service.

Try to block services so that others cannot access them.

When a DoS attack occurs, users who try to access ... experience:

+ Disable Network - ...

+ Disable Organization - ...

+ Financial Loss - financial loss

3. Targets attackers usually aim at with a DoS attack

As noted above, a DoS attack occurs when the attacker exhausts resources and denies them to normal users; so which resources do they attack:

Creating scarcity or exhaustion of resources: the network bandwidth (Network Bandwidth), memory, CPU time and data structures are all targets of a DoS attack.

Attacks on other systems that serve the computer network: the air-conditioning system, the power system, the cooling system and many other resources of the business. Imagine the power supply to a web server being cut: can users still reach that server?

Destroying or altering configuration information.

Destroying the physical layer or network devices such as the power supply and air conditioning.

4. Signs of a DoS attack

Network performance is usually very slow.

The website cannot be used.

No website can be reached.

II. TYPES OF DoS ATTACK

1. Winnuke

Figure 2.1

This DoS attack targets computers running Windows 9x. The hacker sends "Out of Band" packets to port 139 of the target computer (port 139 is NetBIOS, and this port handles packets carrying the Out of Band flag). When the victim computer receives such a packet, a blue error screen appears, because the Windows network driver that receives these packets does not know how to handle the Out of Band data and crashes.

2. Ping of Death

When ...

It ...

3. Teardrop

Figure 2.3

As we know, data sent over the network goes through two processes: it is split into fragments, each carrying an offset value that marks its position in the original packet; when the fragments arrive at the destination, they are reassembled according to their offset values in the original order. Exploiting this, one sends packets whose offset values overlap. The receiving machine has no way to reassemble these packets; it loses control and may crash or reboot when it is sent too many packets with overlapping offsets!
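Both Ping of Death (section 2) and Teardrop (section 3) abuse IP fragmentation, so a defender checks the same two things while reassembling: fragments must not overlap, and the reassembled datagram must fit in 65535 bytes. The checker below is an added example written for this page, not code from the report or from any named product; the fragment records are constructed sample data, and offsets are expressed in bytes rather than the 8-byte units of the header field.

```python
from collections import defaultdict
from dataclasses import dataclass

IP_MAX_LEN = 65535  # largest IPv4 datagram the Total Length field can describe (RFC 791)


@dataclass(frozen=True)
class Fragment:
    """One IPv4 fragment of a datagram (constructed sample data, not captured traffic)."""
    datagram_id: int  # Identification field shared by all fragments of one datagram
    offset: int       # Fragment Offset converted to bytes (the header stores 8-byte units)
    length: int       # payload bytes carried by this fragment
    more: bool        # MF flag: further fragments follow


def check_fragments(frags):
    """Return the list of problems found in one datagram's fragments.

    Two malformed patterns are flagged: fragments whose byte ranges overlap
    (the Teardrop condition) and a reassembled size above IP_MAX_LEN
    (the Ping of Death condition). An empty list means the fragments are sane.
    """
    findings = []
    end_of_previous = 0  # first byte after the highest fragment seen so far
    for frag in sorted(frags, key=lambda f: f.offset):
        if frag.offset % 8:
            findings.append(f"offset {frag.offset} is not a multiple of 8")
        if frag.offset < end_of_previous:
            findings.append(
                f"overlap: fragment at offset {frag.offset} starts inside the "
                f"previous fragment, which ends at {end_of_previous}")
        end_of_previous = max(end_of_previous, frag.offset + frag.length)
    if end_of_previous > IP_MAX_LEN:
        findings.append(f"reassembled length {end_of_previous} exceeds {IP_MAX_LEN}")
    return findings


def scan_datagrams(frags):
    """Group fragments by datagram id and return {id: findings} for the bad ones only."""
    by_id = defaultdict(list)
    for frag in frags:
        by_id[frag.datagram_id].append(frag)
    return {did: found for did, found in
            ((did, check_fragments(fs)) for did, fs in by_id.items()) if found}


# Constructed samples: a well-formed datagram, a Teardrop-style pair, an oversize series.
NORMAL = [Fragment(1, 0, 1480, True), Fragment(1, 1480, 1480, True),
          Fragment(1, 2960, 500, False)]
TEARDROP = [Fragment(2, 0, 36, True), Fragment(2, 24, 4, False)]  # second starts inside first
PING_OF_DEATH = [Fragment(3, i * 1480, 1480, i < 44) for i in range(45)]  # 45 * 1480 = 66600

if __name__ == "__main__":
    for did, found in scan_datagrams(NORMAL + TEARDROP + PING_OF_DEATH).items():
        print(f"datagram {did}:", "; ".join(found))
```

A real reassembler would also enforce a timeout per datagram id so that an incomplete series cannot pin memory indefinitely, which is the resource-exhaustion angle the report returns to in the SYN attack section.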

4. SYN Attack

Figure 2.4 (diagram: the normal TCP three-way handshake, in which the Client sends SYN, the Server answers SYN/ACK and the Client completes with ACK; and the SYN flood, in which the Attacker/Agent acting as a malicious TCP client sends a SYN packet with a deliberately fraudulent (spoofed) source IP return address to the Victim TCP Server on port 80, so the SYN/ACK goes to the spoofed address and the final ACK never arrives. Client ports 1024-65535, service ports 1-1023.)

In a SYN Attack, the hacker sends SYN packets whose source IP addresses do not exist. When the victim receives these SYN packets it sends its replies and stores information about those IP addresses.

Because the IP addresses do not exist, the server keeps waiting and has to hold these entries in memory, wasting memory on the server that should have been used for other work rather than for storing information about addresses that do not exist. If many packets with fake IP addresses are sent at the same time, the computer can crash or reboot.
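The defensive signature of the attack described above is a backlog of connections that received a SYN, were answered with SYN/ACK, and never saw the client's ACK. The tracker below replays a constructed list of server-side TCP segments and reports, per listening socket, how many half-open connections are older than a few seconds and from how many distinct sources they came. It is an added example for this page, not code from the report; the addresses, ports and timings are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of TCP segments as the server sees them:
# (time_s, src_ip, src_port, dst_ip, dst_port, flags). "S" = SYN, "A" = ACK, "R" = RST.
SERVER = "198.51.100.5"


def _handshake(t, src, sport):
    """Segments a normal client sends to complete the three-way handshake."""
    return [(t, src, sport, SERVER, 80, "S"), (t + 0.01, src, sport, SERVER, 80, "A")]


SEGMENTS = (
    _handshake(0.0, "192.0.2.10", 51000)
    + _handshake(0.5, "192.0.2.11", 51001)
    # ten SYNs from ten different (spoofed) sources that never send the final ACK
    + [(1.0 + i * 0.1, f"203.0.113.{i + 1}", 40000 + i, SERVER, 80, "S") for i in range(10)]
    # a fresh legitimate SYN whose ACK simply has not arrived yet
    + [(9.5, "192.0.2.12", 51002, SERVER, 80, "S")]
)


def track_half_open(segments):
    """Replay segments and return the still half-open connections as {4-tuple: SYN time}."""
    pending = {}
    for t, src, sport, dst, dport, flags in segments:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t                     # SYN received, SYN/ACK sent, waiting for ACK
        elif flags == "A" and key in pending:
            del pending[key]                     # handshake completed
        elif "R" in flags:
            pending.pop(key, None)               # a reset aborts the attempt
    return pending


def syn_flood_alerts(segments, now, min_age=3.0, threshold=5):
    """Per (server, port), report backlogs of half-open connections older than min_age.

    A legitimate client completes the handshake within a round trip, so entries that stay
    half-open for seconds are the signature the text describes. The distinct-source count
    separates a spoofed flood (many sources, one SYN each) from one misbehaving client.
    """
    stale = defaultdict(list)
    for (src, _sport, dst, dport), t in track_half_open(segments).items():
        if now - t >= min_age:
            stale[(dst, dport)].append(src)
    return {svc: {"half_open": len(srcs), "distinct_sources": len(set(srcs))}
            for svc, srcs in stale.items() if len(srcs) >= threshold}


if __name__ == "__main__":
    for (dst, dport), info in syn_flood_alerts(SEGMENTS, now=10.0).items():
        print(f"{dst}:{dport} half-open={info['half_open']} "
              f"sources={info['distinct_sources']}")
```

The same half-open table is what a kernel's SYN backlog holds; SYN cookies and the TCP intercept described later in this report are ways of not allocating that entry until the client's ACK proves the source address is real.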

5. Land Attack

Figure 2.5 Model of a Land Attack

A Land Attack resembles the SYN Attack, but instead of using IP addresses that do not exist the hacker uses the victim's own IP address. This creates an endless loop inside the victim itself: while the victim is busy processing the information it has to process, more such information keeps arriving. ==> the machine stops responding.

6. Smurf Attack

In a Smurf Attack there are three parties: the hacker (who launches the attack), the amplifying network (which obeys the hacker) and the victim. The hacker sends ICMP packets to the broadcast address of the amplifying network; the special point is that the source IP address of these ICMP packets is the IP address of the victim.

When these packets reach the broadcast address, the computers in the amplifying network send ICMP packets to the victim computer, because they believe they received the ICMP packets from it. The victim cannot handle all these packets and quickly crashes or reboots. The more ICMP packets the hacker sends, the more ICMP packets are returned to the victim.

Smurf relies on a property that exists in many networks. What the hackers need is public routers that let broadcast packets through without filtering them out. With such routers, the hacker can run the Smurf Attack model against public networks.

7. Fraggle Attack

Figure 2.7 Model ...

... target.

8. UDP Flooding

Figure 2.8

The UDP attack method involves two machines. The hackers make the victim fall into a loop of exchanging messages over the UDP protocol. With the source IP of the packets set to loopback (127.0.0.1), these packets are sent to the victim on the UDP echo port (7). The victim receives messages that come from 127.0.0.1 (itself) and goes round and round answering itself. However, many systems do not allow loopback to be used this way, so the hacker instead spoofs the IP of some computer on the victim's network and performs the UDP flood against the victim. If this method does not succeed, the attacker's own machine is the one that suffers.

9. DNS attack

The hacker gets into the victim's Domain Name Server and changes the record of a website the hacker chooses. When a client asks the DNS to resolve the domain name into an IP address, the DNS (whose cache the hacker has already altered) returns the IP address the hacker wants. The result is that instead of reaching the website they wanted, the victim lands on a website built by the hacker. A sly attack method!

10. Distributed DoS Attacks (DDoS)

Attacker: directs the attack.

Handler: an intermediate computer controlled by the Attacker.

Zombie: a computer that receives its commands from the Handler.

Victim: the target of the attack.

Figure 2.10 DDoS attack model

A DDoS requires several hackers to take part. First the hackers break into poorly protected computers and install the DDoS server program on them. The hackers then agree on a time, use the DDoS client to connect to the DDoS servers, and order these DDoS servers to carry out the DDoS attack on the victim.

11. The Distributed Reflection Denial of Service Attack (DRDoS)

This is perhaps the most damaging attack and the one that reboots a computer fastest. The method resembles DDoS, but instead of using many computers the attacker uses one machine and attacks through large servers around the world. Spoofing the victim's IP address, the attacker sends packets to fast, powerful servers such as Yahoo, and these servers send their reply packets to the victim.

The attacker sends many packets through these servers at once, quickly overloading the victim's computer and making it crash or reboot. This attack can be carried out from a machine with an ordinary Internet connection, and we cannot defend against it. Our website HVA was DoSed by this attack method.

Figure 2.10 DRDoS attack model

III. ...

1. DoSHTTP + Sprut:

Figure 3.1 The DoSHTTP and Sprut tools

2. LOIC

Figure 3.2 The LOIC tool interface

LOIC is a denial-of-service attack application written in C#. LOIC carries out a denial-of-service attack (or, when used by many individuals, a DDoS attack) on a target website by flooding the servers with TCP or UDP packets to disrupt the service of a specific server. The LOIC tool is a voluntary botnet that connects to a remote server which directs the attacks. Currently, 40,000 people are connected to the botnet.

3. UDP Flood

Figure 3.3

...

generates ...

... server.

4. rDoS

When using it, one must be careful, otherwise one's own computer will DoS itself as soon as it is switched on; checking with WireShark shows this clearly.

I. ...

1. Detection techniques

...

1.1 Activity profiling

... between clusters.

... a clear increase in ... clusters (DDoS attack).

1.2 Wavelet analysis

1.3 Sequential change-point detection

... time.

2. DoS countermeasure strategies

Absorb the attack: use spare capacity to absorb the attack; this requires planning.

Degrade services: identify the services that are at risk and shut down the services that are not.

Shut down services: shut down all services until the attack subsides.

3. DoS attack countermeasures

3.1 Protecting secondary victims

Install anti-virus and anti-Trojan software and keep it updated.

Be aware of security issues and of protective techniques when using any source on the internet.

Turn off unnecessary services, remove unused applications, and scan all files received from outside sources.

Configure and regularly update the defences built on the core of the system's hardware and software.

3.2 Detecting ... attacks

Ingress filtering: protects against flooding attacks whose source addresses come from legitimate prefixes, and starts tracing the real origin.

Egress filtering: scans the headers of IP packets leaving a network. The filter ensures that no unauthorized or dangerous activity leaves the network for the outside.

TCP intercept: configures the router to stop attacks by intercepting and validating TCP connection requests.
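The ingress and egress filtering described above, together with the earlier sections on the Land Attack (source equal to destination), the Smurf Attack (echo requests to a directed-broadcast address) and UDP Flooding (loopback sources and the echo service), all reduce to a short list of checks on the addresses and ports in a packet header. The filter below is an added example written for this page, not the report's own or any vendor's code: the site prefix 192.168.1.0/24 and the sample packets are constructed, and a real border device would express the same rules in its access-list syntax.

```python
import ipaddress

# Assumed site prefix behind the border router (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
LEGACY_UDP_SERVICES = {7, 19}  # echo and chargen, the small services abused for UDP loops


def _is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def verdict(pkt, direction):
    """Return 'accept' or a 'drop: <reason>' string for one packet.

    pkt is a dict with src, dst, proto and, where relevant, sport/dport/icmp_type.
    direction is 'ingress' (arriving from the Internet) or 'egress' (leaving our network).
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # Land attack: a segment claiming to come from its own destination socket.
    if src == dst and pkt.get("sport") == pkt.get("dport"):
        return "drop: land (source equals destination)"
    # Addresses that can never be a valid source on the wire.
    if src.is_loopback or src.is_unspecified or src.is_multicast or src.is_link_local:
        return "drop: bogon source"
    # Ingress filtering: nobody outside may claim one of our addresses.
    if direction == "ingress" and _is_internal(src):
        return "drop: spoofed internal source on ingress"
    # Egress filtering: nothing leaving may carry a source that is not ours.
    if direction == "egress" and not _is_internal(src):
        return "drop: egress filtering (source not ours)"
    # Smurf amplifier: echo requests aimed at our directed-broadcast address.
    if (pkt.get("proto") == "icmp" and pkt.get("icmp_type") == 8
            and any(dst == net.broadcast_address for net in INTERNAL_NETS)):
        return "drop: echo request to directed broadcast"
    # Fraggle/UDP-loop amplifiers: inbound echo or chargen.
    if (direction == "ingress" and pkt.get("proto") == "udp"
            and pkt.get("dport") in LEGACY_UDP_SERVICES):
        return "drop: inbound UDP small service"
    return "accept"


def filter_packets(packets, direction):
    """Apply verdict() to a batch and return the verdicts in order."""
    return [verdict(p, direction) for p in packets]


# Constructed sample traffic arriving at the border from the Internet.
INBOUND = [
    {"src": "203.0.113.9", "dst": "192.168.1.10", "proto": "tcp", "sport": 40001, "dport": 80},
    {"src": "192.168.1.10", "dst": "192.168.1.10", "proto": "tcp", "sport": 80, "dport": 80},
    {"src": "127.0.0.1", "dst": "192.168.1.10", "proto": "udp", "sport": 7, "dport": 7},
    {"src": "192.168.1.77", "dst": "192.168.1.10", "proto": "tcp", "sport": 1234, "dport": 80},
    {"src": "203.0.113.9", "dst": "192.168.1.255", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.9", "dst": "192.168.1.10", "proto": "udp", "sport": 53, "dport": 19},
]

if __name__ == "__main__":
    for pkt, result in zip(INBOUND, filter_packets(INBOUND, "ingress")):
        print(f"{pkt['src']} -> {pkt['dst']}: {result}")
```

Only the first sample packet is accepted; each of the others trips exactly one rule, in the order the rules are listed, which is how a practitioner would unit-test an access list before deploying it.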

3.3 Deflecting the attack

A system set up with limited security acts as a lure for the attacker.

It serves to gather information on the attacker through a log of activity, learning the attack patterns and the software tools the attacker uses.

Use a defence-in-depth approach with IPSec at the different network layers to redirect traffic to the honeypot.

3.4 Mitigating the attack

Load balancing:

o Providers can increase bandwidth on critical connections to prevent the attack and reduce its impact.

o Replicating servers can provide additional protection.

o Load balancing across servers in a multi-server architecture can improve normal network performance and reduce the impact of a DoS attack.

Throttling:

o Set up the way routers reach a server with logic that adjusts the volume of traffic the server has to handle.

o This handling can prevent a flood from damaging the server.

o It can be extended to throttle the attack flow so that legitimate traffic still gets through and achieves better results.
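The throttling the text describes is usually implemented as a token bucket in front of the server: every source earns tokens at a fixed rate up to a burst limit, each request spends one, and a source that sends faster than its allowance is cut back while clients at a normal pace are never touched. The implementation below is an added example for this page, not the report's own; the rate, burst and request log are constructed values.

```python
class TokenBucket:
    """Classic token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate, burst, now):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)   # a new source starts with a full bucket
        self.last = now

    def allow(self, now):
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def throttle(requests, rate=2.0, burst=5):
    """Apply a per-source bucket to (time, source) requests; return {source: (allowed, dropped)}.

    A source sending far faster than `rate` is limited to the burst plus whatever refills
    during its run, while a client within the allowance passes untouched.
    """
    buckets = {}
    stats = {}
    for t, src in sorted(requests):
        bucket = buckets.get(src)
        if bucket is None:
            bucket = buckets[src] = TokenBucket(rate, burst, t)
        allowed, dropped = stats.get(src, (0, 0))
        if bucket.allow(t):
            allowed += 1
        else:
            dropped += 1
        stats[src] = (allowed, dropped)
    return stats


# Constructed request log: one client at a normal pace, one source flooding.
REQUESTS = (
    [(10.0 + i, "192.0.2.10") for i in range(10)]            # one request per second
    + [(10.0 + i * 0.01, "203.0.113.7") for i in range(50)]  # 50 requests in half a second
)

if __name__ == "__main__":
    for src, (ok, dropped) in throttle(REQUESTS).items():
        print(f"{src}: allowed={ok} dropped={dropped}")
```

With a rate of 2 tokens per second and a burst of 5, the flooding source gets its first five requests through and is then refused, because half a second refills only about one token; the client at one request per second never sees a refusal. Keying the bucket on the source address is the weak point against a spoofed flood, which is why this control is paired with the ingress filtering described earlier.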

3.5 Legal measures

... identifying the source of a DoS attack. Although attackers usually forge the source address, tracing the IP back with the immediate help of the ISP and the relevant law enforcement can allow the culprits to be caught.

Network analysis: data can be analysed after the attack to look for the distinctive traits of the attacker.

A DoS attack against the network can help network administrators develop filtering techniques ...

Using groups, the data can be updated to balance load and adjust the countermeasures.

4. DoS protection

4.1 The ISP level

4.2 The IntelliGuard protection system

IntelliGuard ...

... way ...

II. DoS PROTECTION TOOLS

1. NetFlow Analyzer

Figure 2.1 The NetFlow Analyzer tool

2. Some other tools

D-Guard Anti-DDoS Firewall

D-Guard Anti-DDoS Firewall provides the most complete and fastest DDoS protection for online businesses, communications service providers, critical public infrastructure and Internet service providers.

As a professional Anti-DDoS Firewall, D-Guard can protect against most kinds of attack, including DoS/DDoS, Super DDoS, DrDoS, Fragment attacks, ..., random UDP Flooding attacks, ICMP and IGMP attacks, ARP Spoofing, HTTP Proxy attacks, CC Flooding attacks, CC Proxy attacks ...

D-Guard Anti-DDoS Firewall takes a different approach to mitigating DDoS attacks, with a design that concentrates on passing legitimate traffic rather than simply removing attack traffic, so that it handles the worst attack scenario without losing performance.

Figure 2.2.1 The D-Guard Anti-DDoS Firewall tool

FortGuard Firewall

FortGuard Firewall is a solution for defending against DDoS attacks with the highest accuracy and performance...

FortGuard Firewall is an Anti-DDoS firewall software with a built-in Intrusion Prevention System. It can protect your computer against DDoS attacks with the highest accuracy and performance. FortGuard Firewall can defend against SYN, TCP Flooding and other kinds of DDoS attack and block attack packets in real time. It can disable or enable proxy access for each application and can recognise 2000 kinds of hacker activity.

Figure 2.2.2 The FortGuard Firewall tool

III. DoS PENETRATION TESTING

1. Test the web server with automated tools such as Web Application Stress (WAS) and JMeter for load capacity, server performance, locking and other problems that arise.

2. Scan the system with automated tools to discover any system vulnerable to a DoS attack.

3. Flood the target with connection request packets using tools such as Trin00, Tribe Flood and TFN2K.

4. Port flooding attacks are used to hold all connection requests and congest the port. Use automated tools to flood the port.

5. Use tools such as Mail Bomber, Attache Bomber and Advanced Mail Bomber to send large volumes of mail to the target mail server.

6. Fill in forms with arbitrary, lengthy content to flood the website.

PART IV: ... DOS

1. Ping of Death Attack

In Windows we can use `ping ... -t -l ...` to ping a destination continuously.

If we want to open 20 ping windows at once, we can combine it with the command `For /L %i in (1,1,20) do start ping 192.168.1.254 -t -l 36000`, which opens 20 ping windows at the same time, all pinging the IP 192.168.1.254 continuously.

(Wireshark capture while under an ICMP flood from Ping of Death)

The ICMP attack is the most basic type of attack and very easy to carry out. Weakly configured routers are very vulnerable to it and hang quickly.

2. Syn Flood Attack

To carry out ... first determine which hosts currently have port 80 open, using the Nmap tool.

Suppose the current public IP has the form ...; the command is `nmap -sS -p 80 118.68.226.1/24` to scan.

We run the scan and write the output to the file scan_adsl.txt.

Check the contents of scan_adsl.txt and choose one IP to continue the lab.