man in the middle in ipv4 and ipv6 vietnamese

Upload: nhat-phan

Post on 30-Oct-2015


DESCRIPTION

Theory and demo of MITM methods with IPv4 and IPv6.

TRANSCRIPT


MITM in IPv4&IPv6

Bach Khoa University, Ho Chi Minh City

Essay: MITM ATTACKS IN IPV4 & IPV6

Table of contents

1. Summary
2. Content
2.1 Types of MITM attack in IPv4
2.1.1 ARP cache poisoning
2.1.1.1 Introduction
2.1.1.2 How ARP works
2.1.1.3 Normal ARP communication
2.1.1.4 How ARP works within a LAN
2.1.1.5 How ARP works across interconnected networks
2.1.1.6 ARP cache
2.1.1.7 ARP cache poisoning
2.1.1.8 Spoofing the ARP table
2.1.1.9 Using Cain & Abel
2.1.1.10 Countermeasures
2.1.1.11 Conclusion
2.1.2 DNS spoofing
2.1.2.1 DNS spoofing technique
2.1.2.2 DNS communication
2.1.2.3 DNS spoofing
2.1.2.4 Defending against DNS spoofing
2.1.2.5 Conclusion
2.1.3 Session hijacking
2.1.3.1 The term session hijacking
2.1.3.2 Stealing cookies with Hamster and Ferret
2.1.3.3 Defending against session hijacking
2.1.3.4 Conclusion
2.2 Types of MITM attack in IPv6
2.2.1 MITM with spoofed ICMPv6 neighbor advertisement
2.2.2 MITM with spoofed ICMPv6 router advertisement
3. Appendix
3.1 IPv6 theory
3.1.1 Introduction
3.1.2 IPv6 overview
4. References

1. Summary

This paper analyzes MITM attack methods in IPv4 and IPv6 and runs practical simulations using Cain & Abel for IPv4 and parasite6 for IPv6. In addition, the paper presents methods for preventing and detecting each type of MITM attack.

2. Content

2.1 Types of MITM attack in IPv4

2.1.1 ARP cache poisoning

2.1.1.1 Introduction

One of the most common network attacks used against individuals and large organizations is the man-in-the-middle (MITM) attack. Loosely speaking, it is a form of eavesdropping. MITM works by establishing connections to the victim machines and relaying messages between them. When attacked, a victim believes it is communicating directly with the other victim, while in reality the traffic passes through the attacker's host. As a result, that host can not only read sensitive data but also inject into and modify the data stream to gain deeper control over its victims.

In this paper we explain some of the most commonly used forms of MITM attack, such as ARP cache poisoning, DNS spoofing and HTTP session hijacking. As seen in the real world, most victim machines are Windows computers. For that reason, this paper focuses entirely on MITM exploitation against computers running Windows. Where possible, the attacks are also carried out from Windows computers. However, in some cases where no tool is available for the attack, we use BackTrack Linux 4, which can be downloaded as a live CD or a virtual machine.

2.1.1.2 How ARP works

As we know, at the Network layer of the OSI model we usually use logical addresses such as IP and IPX. These addresses are divided into two separate parts: the network part (NetID) and the host part (HostID). This numbering scheme makes it easier to find routes from one network to another. These addresses can be changed at the user's discretion.

In practice, network cards (NICs) can only connect to each other using MAC addresses, the fixed and unique address of the hardware. We therefore need a mechanism that converts between these two forms of address. Hence the address resolution protocol: Address Resolution Protocol (ARP).

2.1.1.3 Normal ARP communication

ARP was designed to translate addresses between the second and third layers of the OSI model. The second layer (data link) uses MAC addresses so that hardware devices can communicate directly with each other. The third layer (network) uses IP addresses to build networks that scale globally. The data-link layer deals directly with devices that are connected to each other, while the network layer deals with devices that are connected both directly and indirectly. Each layer has its own addressing scheme, and they must work together to make network communication possible. For that reason ARP was created with RFC 826, "An Ethernet Address Resolution Protocol".

Figure 1.1: The ARP communication process

ARP operation centers on two packets: an ARP request and an ARP reply. The purpose of the request and reply is to find the hardware MAC address associated with an IP address so that traffic can reach its destination on the network. The request is sent to every device on the network segment, and it says (personified here for ease of understanding): "Hey, my IP address is XX.XX.XX.XX and my MAC address is XX:XX:XX:XX:XX:XX. I need to send something to whoever has IP address XX.XX.XX.XX, but I don't know where that hardware address is on my segment. If anyone has this IP address, please reply with your MAC address!" The response is sent in an ARP reply and provides the answer: "Hey, transmitting device. I am the one you are looking for, with IP address XX.XX.XX.XX. My MAC address is XX:XX:XX:XX:XX:XX." When this process completes, the transmitting device updates its ARP cache and the two devices can communicate.

2.1.1.4 How ARP works within a LAN

When a network device wants to know the MAC address of a device whose network-layer address (IP, IPX) it already knows, it sends an ARP request, containing its own MAC address and the IP address of the device whose MAC address it needs, to the whole broadcast domain. Every device that receives the request compares the IP address in the request with its own network-layer address. If they match, the device must send back to the requester a packet containing its MAC address.

In a simple network, for example, PC A wants to send a packet to PC B and knows only PC B's IP address. PC A must send an ARP broadcast to the whole network asking "what is the MAC address of the PC with this IP address?" When PC B receives the broadcast, it compares the IP address in the packet with its own. Seeing that the address is its own, PC B sends PC A a packet containing B's MAC address. Only then does PC A start sending packets to B.

2.1.1.5 How ARP works across interconnected networks

ARP in a more complex environment involves two networks joined by a router C. Host A on network A wants to send a packet to host B on network B. Because broadcasts cannot pass through a router, host A treats router C as a bridge or intermediary (agent) for the data.

Beforehand, host A knows the IP address of router C (the gateway address) and knows that to reach B, packets must go through C. All this information is held in a table called the routing table. In this scheme a routing table is kept on each host. The routing table holds information about the gateways used to reach a given network. In the example above, the table shows that to reach LAN B traffic must go through port X of router C. The routing table contains the IP address of port X. Data transfer proceeds step by step as follows:

- Host A sends an ARP request (broadcast) to find the MAC address of port X.
- Router C replies, giving host A the MAC address of port X.
- Host A sends the packet to port X of the router.
- The router receives the packet from host A and forwards it to its port Y. The packet contains host B's IP address. The router sends an ARP request to find host B's MAC address.
- Host B replies to the router with its MAC address. After receiving host B's MAC address, router C sends A's packet to B.

In practice, besides routing tables, the proxy ARP method is also used, in which one device takes on the task of address resolution for all other devices. Under this scheme hosts no longer need to keep a routing table; router C is responsible for answering all ARP requests from all hosts.

2.1.1.6 ARP cache

The ARP cache can be viewed as a table of mappings between hardware addresses and Internet Protocol (IP) addresses. Every device on a network has its own cache. There are two ways entries are stored in the cache so that address resolution is fast:

* Static ARP cache entries. Here address resolutions must be added to the cache table manually and are kept long-term.
* Dynamic ARP cache entries. Here IP and hardware addresses are kept in the cache by software after a previous resolution completes. The addresses are kept temporarily and then removed.

The ARP cache turns a process that could waste time into an efficient one. Even so, it brings some problems. The cache must be maintained. In addition, cache entries can become stale over time, so entries must be expired after a certain period.

2.1.1.7 ARP cache poisoning

In the first part of this paper we introduce ARP cache poisoning. This is one of the oldest forms of modern MITM attack (sometimes also known as ARP Poison Routing). It allows an attacker (on the same subnet as the victims) to eavesdrop on all network traffic between the victim machines. We chose it as the first attack to present because it is one of the simplest to carry out yet one of the most effective when performed by an attacker.

2.1.1.8 Spoofing the ARP table

ARP spoofing exploits the insecure nature of the ARP protocol. Unlike other protocols such as DNS (which can be configured to accept only secure dynamic updates), devices using ARP accept updates at any time. This means any device can send an ARP reply to another computer, and that computer will immediately update its ARP cache with the new value. Sending an ARP reply when no request was made is called sending a gratuitous ARP. When these gratuitous ARP replies reach computers that sent a request, the requesting computer believes it has found the party it wanted to communicate with, but in reality it is communicating with an attacker.

Figure 1.2: Intercepting communication with ARP cache poisoning

2.1.1.9 Using Cain & Abel

Let us take a scenario and look at it from theory through to practice. Several tools can carry out the steps needed to poison the ARP cache of victim machines. We use the popular security tool Cain & Abel from Oxid.it. Cain & Abel does quite a lot besides ARP cache poisoning; it is a very useful tool to have in your arsenal. Installing it is straightforward.

Before starting, you need some additional information: the network interface to use for the attack and the two IP addresses of the victim machines.

When you first open Cain & Abel, you see a series of tabs at the top of the window. For this paper we work in the Sniffer tab. Clicking this tab shows an empty table. To fill it, you need to activate the program's built-in sniffer and scan the hosts on your network.

Figure 1.3: The Sniffer tab of Cain & Abel

Click the second icon on the toolbar, which looks like a network card. The first time you do this, you are asked to choose the interface you want to sniff. The interface must be connected to the network on which you will perform ARP cache poisoning. Once the interface is chosen, click OK to activate Cain & Abel's built-in sniffer. At this point the network-card icon on the toolbar should appear pressed. If not, click it. To build a list of the hosts currently on your network, click the icon that looks like a plus sign (+) on the main toolbar and click OK.

Figure 1.4: Scanning for devices on the network

The previously empty grid is now filled with a list of all devices on your network, along with their MAC addresses, IP addresses and identifying information. This is the list you work from when setting up ARP cache poisoning.

At the bottom of the program window you see a series of tabs that lead to other windows under the Sniffer heading. Now that you have built your device list, the next task is to work with the APR tab. Switch to the APR window by clicking the tab.

In the APR window you see two empty tables: one at the top and one at the bottom. Once they are set up, the upper table shows the devices involved in the ARP cache poisoning and the lower table shows all communication between the poisoned machines.

Continue setting up the ARP poisoning by clicking the plus-sign (+) icon on the program's standard toolbar. The window that appears has two columns side by side. On the left is a list of all devices available on the network. Click the IP address of one of the victims, and the right-hand window shows a list of all hosts on the network except the IP address just selected. In the right-hand window, click the IP address of the other victim and click OK.

Figure 1.5: Selecting the victim devices for the poisoning

The IP addresses of both devices are now listed in the upper table of the main application window. To finish, click the radiation symbol (yellow and black) on the standard toolbar. This activates Cain & Abel's ARP cache poisoning feature and lets your analysis system become the eavesdropper on all communication between the two victims. If you want to see what is happening behind the scenes, install Wireshark and listen on the interface when you activate the poisoning. You will see ARP traffic to the two devices and immediately see the communication between them.

Figure 1.6: Injecting ARP traffic

When finished, click the radiation symbol (yellow and black) again to stop ARP cache poisoning.

2.1.1.10 Countermeasures

Looking at ARP cache poisoning from the defender's point of view, we are at a slight disadvantage. The ARP process happens in the background, so there is very little we can control directly. There is no single definitive solution, but proactive and reactive stances are available if you are concerned about ARP cache poisoning on your network.

Securing the LAN

ARP cache poisoning is an attack technique that is only viable when trying to intercept traffic between two devices on the same LAN. The only reason to fear it is if an internal device on your network has been compromised, a trusted user has malicious intent, or someone can plug an untrusted device into the network. Although we often focus all our security efforts on the network perimeter, defending against threats from inside and having a good internal security posture can help eliminate the fear of the attack discussed here.

Hard-coding the ARP cache

One way to protect against the inherent insecurity of ARP requests and ARP replies is to make the process less dynamic. This is an option because Windows computers allow you to add static entries to the ARP cache. You can view the ARP cache of a Windows computer by opening a command prompt and typing arp -a.

Figure 1.7: Viewing the ARP cache

Entries can be added to this list with the arp -s command. Where your network configuration does not change often, it is entirely feasible to create a list of static ARP entries and deploy them to clients through an automated script. This ensures that devices always rely on their local ARP cache rather than on ARP requests and ARP replies.

Monitoring ARP traffic with a third-party program

The last option for defending against ARP cache poisoning is a reactive approach that involves monitoring the network traffic of devices. You can do this with some intrusion detection systems (such as Snort) or with utilities designed specifically for this purpose (such as xARP). This is feasible when you care about a single device, but it is still cumbersome and awkward when dealing with an entire network segment.

Figure 1.8: The xARP program can detect MITM attacks based on ARP poisoning
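The reactive monitoring described above, reduced to its core logic, as an added Python example (not part of the original essay, and not how Snort or xARP are implemented). It parses RFC 826 ARP bodies, flags replies nobody asked for and IP-to-MAC bindings that change, and treats entries pinned as with arp -s as authoritative; the class and function names and all addresses are constructed for illustration.

```python
import struct

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def _ip(raw):
    return ".".join(str(b) for b in raw)

def parse_arp(payload):
    """Parse the 28-byte Ethernet/IPv4 ARP body defined in RFC 826."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": op, "sha": _mac(sha), "spa": _ip(spa),
            "tha": _mac(tha), "tpa": _ip(tpa)}

def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP body; used only to construct the sample traffic below."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

class ArpMonitor:
    REQUEST, REPLY = 1, 2

    def __init__(self, static_bindings=None):
        # static_bindings mirrors entries an administrator pinned with arp -s.
        self.static = dict(static_bindings or {})
        self.learned = {}      # ip -> mac observed on the wire
        self.pending = set()   # (requester ip, requested ip) awaiting a reply
        self.alerts = []

    def observe(self, payload):
        pkt = parse_arp(payload)
        if pkt["op"] == self.REQUEST:
            self.pending.add((pkt["spa"], pkt["tpa"]))
        elif pkt["op"] == self.REPLY:
            key = (pkt["tpa"], pkt["spa"])
            if key in self.pending:
                self.pending.discard(key)
            else:
                # Can be legitimate (failover, address announcement), so it
                # is recorded as evidence rather than treated as proof.
                self.alerts.append(("unsolicited-reply", pkt["spa"], pkt["sha"]))
        self._check_binding(pkt["spa"], pkt["sha"])

    def _check_binding(self, ip, mac):
        if ip == "0.0.0.0":    # ARP probe carries no sender address
            return
        if ip in self.static:
            if self.static[ip] != mac:
                self.alerts.append(("static-violation", ip, self.static[ip], mac))
            return
        old = self.learned.get(ip)
        if old is not None and old != mac:
            self.alerts.append(("binding-changed", ip, old, mac))
        self.learned[ip] = mac

# Constructed sample traffic: a host resolves its gateway, then a third
# machine sends a reply that nobody requested, claiming the gateway address.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:01"
HOST_IP, HOST_MAC = "192.168.1.10", "00:11:22:33:44:0a"
OTHER_MAC = "02:00:00:00:00:66"
SAMPLE = [
    build_arp(1, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    build_arp(2, OTHER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
]

def run_sample(static_bindings=None):
    monitor = ArpMonitor(static_bindings)
    for payload in SAMPLE:
        monitor.observe(payload)
    return monitor.alerts

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```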

2.1.1.11 Conclusion

ARP cache poisoning is a highly effective technique in the world of passive man-in-the-middle attackers because it is very simple yet effective. ARP cache poisoning remains a very real threat on modern networks; it is both hard to detect and hard to defend against. In the next part of this paper we focus on name resolution and the concept of DNS spoofing.

2.1.2 DNS spoofing

In the first part of this paper we introduced ARP communication and how a device's ARP cache can be poisoned to redirect the network traffic of machines through another machine with malicious intent. In this part we introduce another type of MITM attack, DNS spoofing. If you have not read the ARP cache poisoning part, you should go back and read it first, because this part uses some of the techniques introduced there.

2.1.2.1 DNS spoofing technique

DNS spoofing is a MITM technique used to supply false DNS information to a host, so that when a user browses to an address, for example www.bankofamerica.com at IP XXX.XX.XX.XX, the attempt is sent to a fake www.bankofamerica.com residing at IP address YYY.YY.YY.YY, which the attacker has set up in advance to steal online banking credentials from users. This attack can be carried out quite easily; in this part we study how it works, how it is carried out and finally how to defend against it.

2.1.2.2 DNS communication

The Domain Name System (DNS) protocol, as defined in RFC 1034/1035, can be considered one of the most important protocols used on the Internet. In short, whenever you type a web address such as Google into a browser, a DNS request is sent to a DNS server to find the IP address that corresponds to the domain name you entered. Routers and Internet-connected devices do not understand google.com; they only understand addresses such as 74.125.95.103.

A DNS server works by storing a database of entries (called resource records) that map DNS names to IP addresses, and by communicating those resource records to clients and to other DNS servers. The architecture of DNS servers across an enterprise and the Internet is rather complex. As a matter of fact, whole books are dedicated to DNS architecture. We will not cover the architectural aspects or even the different types of DNS traffic, only a basic DNS transaction, which you can see in Figure 2.1.

Figure 2.1: DNS query and response

DNS operates in a query/response format. A client that needs DNS resolution for some IP address sends a query to a DNS server, and the server sends the requested information in its response. From the client's perspective, only two packets appear: the query and the response.

Figure 2.2: DNS query and response packets

The scenario becomes slightly more complex when DNS recursion is considered. Because of the hierarchical DNS structure of the Internet, DNS servers need to be able to communicate with one another to answer the queries submitted by clients. If all goes as expected, our internal DNS server knows the name-to-IP-address mapping for servers on the internal network, but it cannot be expected to know the mapping for Google or Dell. This is where recursion plays an important role. Recursion occurs when one DNS server queries another DNS server on behalf of the client that made the request. In essence, this turns a DNS server into a client, as shown in Figure 2.3.

Figure 2.3: DNS query and response using recursion

2.1.2.3 DNS spoofing

There are several ways to carry out DNS spoofing. We use a technique called DNS ID spoofing.

Every DNS query sent over the network contains a unique identification number whose purpose is to match queries with responses. This means that if our attacking computer can intercept a DNS query sent from a particular device, all we need to do is create a fake packet containing that identification number so that it is accepted by the target.

We complete this process in two steps with a simple tool. First, we poison the ARP cache of the target device to reroute its traffic through our attacking host, so that we can intercept the DNS request and send the spoofed packet. The goal of this scenario is to trick users on the target network into visiting a malicious website instead of the website they are trying to reach. For more clarity, see the attack diagram below.

Figure 2.4: DNS spoofing attack using the DNS ID spoofing method

Several other tools can be used to perform DNS spoofing. We use one of them, Ettercap, which can be used on both Windows and Linux. Ettercap can be downloaded from its website. If you explore the website a little, you will see that Ettercap has many other great features besides DNS spoofing and can be used to perform many kinds of MITM attacks.

If you install Ettercap on a Windows machine, you will see it has a rather nice graphical user interface (GUI); in this example, however, we use the command-line interface.

Before running Ettercap, a little configuration is required. At its core Ettercap is a data sniffer that uses plug-ins to carry out different attacks. The dns_spoof plug-in is what we use in this example, so we must adjust the configuration file associated with that plug-in. On Windows systems this file is located at C:\Program Files (x86)\EttercapNG\share\etter.dns, and on Linux at /usr/share/ettercap/etter.dns. It is a fairly simple file containing the DNS records you want to spoof. For testing purposes, we want any user trying to reach yahoo.com to be directed to a host on the internal network, so we add the entry highlighted in Figure 5.

Figure 5: Adding a spoofed DNS record to etter.dns

These entries tell the dns_spoof plug-in that when it sees a DNS query for yahoo.com or www.yahoo.com (for an A resource record), it should answer with the IP address 172.16.16.100. In a real scenario, the device at 172.16.16.100 would run web server software and present the user with the fake website.

Once the file is configured and saved, we can run the command string to launch the attack. The command string uses the following options:

-T Use the text-based interface.

-q Run in quiet mode so that captured packets are not displayed on screen.

-P dns_spoof Use the dns_spoof plug-in.

-M arp Start an ARP poisoning MITM attack to intercept packets between hosts.

// // Specify the entire network as the target of the attack.

The final command string for our purposes is:

Ettercap.exe -T -q -P dns_spoof -M arp // //

Running this command starts a two-phase attack: first poisoning the ARP cache of the devices on the network, then sending the spoofed DNS query responses.

Figure 2.6: Ettercap actively listening for DNS queries

Once it is running, anyone trying to reach www.yahoo.com is redirected to our malicious website.

Figure 2.7: The result of the DNS spoofing attempt from the user's perspective

2.1.2.4 Defending against DNS spoofing

DNS spoofing is quite hard to defend against because there are few signs of the attack. Typically you do not know your DNS is being spoofed until it happens. What you get is a web page quite different from what you expected. In highly targeted attacks, you may well never know that you were tricked into entering your credentials into a fake website until you get a call from the bank asking why you withdrew so much money. Although it is hard, there are measures that can defend against these attacks. Here are some things you should do:

Secure your internal machines: Attacks like these are most often launched from inside your network. If your network devices are secure, there is less chance of hosts being compromised and used to launch a spoofing attack.

Do not rely on DNS for secure systems: On secure, highly sensitive systems, the best practice is not to browse the Internet from them so that DNS is not used. If you have software that relies on hostnames to do some of its work, the required names need to be set in the device's configuration file.

Use an IDS: An intrusion detection system, when placed and deployed correctly, can expose ARP cache poisoning and DNS spoofing.

Use DNSSEC: DNSSEC is a newer alternative to DNS that uses digitally signed DNS records to ensure the validity of query responses. DNSSEC is not yet widely deployed, but it has been accepted as the future of DNS.
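One way an IDS-style check could reason about the spoofed responses described in this section, as an added Python example that is not part of the original essay. It decodes DNS responses (including name compression), then flags a public name answered with an internal address, as in the yahoo.com to 172.16.16.100 record above, and a second response for the same client, transaction ID and name that carries different answers. The monitor class, the client address and 203.0.113.10 (a documentation address standing in for the genuine answer) are constructed assumptions.

```python
import ipaddress
import struct

# Address ranges that a public name should not normally resolve to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad compression pointer")
            if after is None:
                after = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if after is None else after)
        labels.append(msg[off:off + length].decode("ascii", "replace").lower())
        off += length

def parse_response(msg):
    """Return the transaction ID, question name and A-record answers."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    tid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    off, qname = 12, ""
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):    # A record, class IN
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return {"id": tid, "response": bool(flags & 0x8000),
            "qname": qname, "a": sorted(addrs)}

class DnsResponseMonitor:
    def __init__(self, internal_suffixes=()):
        # Names under these suffixes are expected to resolve internally.
        self.internal_suffixes = tuple(internal_suffixes)
        self.first_answer = {}
        self.alerts = []

    def observe(self, client, msg):
        r = parse_response(msg)
        if not r["response"]:
            return
        key = (client, r["id"], r["qname"])
        first = self.first_answer.setdefault(key, r["a"])
        if first != r["a"]:
            self.alerts.append(("conflicting-answers", r["qname"], first, r["a"]))
        if r["qname"].endswith(self.internal_suffixes):
            return
        for addr in r["a"]:
            if any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS):
                self.alerts.append(("internal-address", r["qname"], addr))

def build_response(tid, name, addr):
    """Build a one-answer response; used only for the constructed sample."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", tid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
              + ipaddress.IPv4Address(addr).packed)
    return header + qname + struct.pack("!HH", 1, 1) + answer

# Constructed sample: the spoofed answer arrives first, the genuine one later.
CLIENT = "172.16.16.50"
SAMPLE = [
    build_response(0x1A2B, "www.yahoo.com", "172.16.16.100"),
    build_response(0x1A2B, "www.yahoo.com", "203.0.113.10"),
]

def run_sample():
    monitor = DnsResponseMonitor()
    for msg in SAMPLE:
        monitor.observe(CLIENT, msg)
    return monitor.alerts

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```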

2.1.2.5 Conclusion

DNS spoofing is a rather dangerous form of MITM attack when paired with malicious intent. Using this technology, attackers can leverage spoofing techniques to steal users' important information, install malware through a drive-by exploit, or cause a denial of service. In the next part of this paper we introduce pass-the-hash attacks and how they can be used to log in to Windows computers without the users' passwords.

2.1.3 Session hijacking

2.1.3.1 The term session hijacking

The term session hijacking covers a range of different attacks. In general, any attack that involves exploiting a session between devices is considered session hijacking. When we refer to a session, we mean a connection between devices in which there is state: a dialogue is established when the connection is formally set up, the connection is maintained, and a defined process must be used to terminate it. The theory of sessions is somewhat confusing, so let us look at a session in a more practical sense.

In this part we introduce session hijacking as it relates to HTTP sessions. Websites that require login credentials are excellent examples of session-oriented connections. You must be authenticated by the website with a username and password to establish the session; the website then maintains some form of session tracking to ensure you are still logged in and allowed to access resources (usually done with a cookie); when the session ends, the username and password credentials are cleared and the session expires. This is one specific example of a session; even though we do not always notice, sessions occur constantly and most communication relies on some form of session or state-based activity.

Figure 3.1: A normal session

As we saw in the previous attacks, nothing that crosses the network is safe, and session data is no different. The principle behind most forms of session hijacking is that if you can intercept certain portions of the session establishment, you can use that data to impersonate one of the parties involved in the communication and so access the session information. In our example, this means that if we capture the cookie used to maintain session state between your browser and the website you are logged in to, we can present that cookie to the web server and impersonate your connection. From an attacker's point of view, this is very attractive.

Figure 3.2: Session hijacking

Now that we have a little theory, let us look in depth at a practical example.

2.1.3.2 Stealing cookies with Hamster and Ferret

In our practical scenario, we perform a session hijacking attack by intercepting the communication of a user logging in to his Gmail account. Using this intercepted communication, we impersonate the user and access the account from our attacking machine. To carry out this attack we use two tools named Hamster and Ferret. Both tools are available for download.

Alternatively you can download and use BackTrack 4. BT4 is a Linux live-CD distribution designed specifically for hacking and penetration testing, with tools precompiled and preinstalled; Hamster and Ferret are two of them. BT4 is available for download. You can then find Hamster in the /pentest/sniffers/hamster directory. The example screenshots used later in this guide are taken from BT4.

The first step in this form of session hijacking is to capture the traffic of the victim user as he browses Facebook. This traffic can be captured with any packet sniffing application, such as TCPDump or Wireshark, but to capture the right packets you need to use a technique such as ARP cache poisoning (introduced in the first part of this paper).

Figure 3.3: Capturing the traffic of a user browsing Gmail

Once you have captured the victim's traffic while he browses to Gmail, save the capture file in the Hamster directory. For this example, we named the file victim_gmail.pcap. With the file in place, we use Ferret to process it. This is done by changing to the Hamster directory and running the command ferret -r victim_gmail.pcap. Ferret processes the file and creates a hamster.txt file that Hamster can use to hijack a session.

Figure 3.4: Processing the capture file with Ferret

With the HTTP data intercepted and prepared, we can use Hamster to execute the attack. Hamster itself works as a proxy that provides an interface for browsing and using the stolen session cookies. To start the Hamster proxy, simply run Hamster with no command-line options.

Figure 3.5: Starting Hamster

Once it is running, open your browser and configure its proxy settings to match those given in Hamster's output. By default, this means configuring your proxy settings to use the local loopback address 127.0.0.1 on port 1234. You can reach these settings in Internet Explorer by choosing Tools, Internet Options, Connections, LAN Settings, and ticking the box "Use a proxy server for your LAN".

Figure 3.6: Configuring proxy settings for use with Hamster

The proxy settings are now in effect and you can reach the Hamster console in your browser by browsing to http://hamster. Hamster uses the file created by Ferret to produce a list of IP addresses whose session information was intercepted and displays those IP addresses in the right-hand pane of the browser. The file we created contains only one victim IP address, so clicking in the left-hand pane populates the sessions available for hijacking.

Figure 3.7: Hamster GUI

We see facebook.com listed here; if you click that link, a new window opens logged in to the victim's Facebook account!

Figure 3.8: Successfully hijacking a Gmail account

2.1.3.3 Defending against session hijacking

Because there are many different forms of session hijacking, the defenses vary accordingly. Like the other MITM attacks we have evaluated, session hijacking is hard to detect and even harder to defend against because it is largely a passive attack. Unless the malicious user performs some obvious action while accessing the hijacked session, you may never know the attack is taking place. Here are some things you can do to defend against it:

Do online banking at home: The chance of someone intercepting your traffic on a home network is much lower than on a work network. This is not because your home computer is usually more secure, but because with only one or two computers at home, you mostly only need to worry about session hijacking if your child is over 14 and has started watching hacking videos on YouTube and teaching himself to follow along. On a corporate network you do not know what is going on down the hall or in a branch office 200 miles away, so the potential attack sources are many. Be aware that one of the biggest targets of session hijacking is online banking accounts, but it applies to everything else as well.

Be aware of the attack: Sophisticated attackers, even the most seasoned hackers, can still make mistakes and leave traces of the attack. Knowing when you were logged in to session-based services can help you determine whether someone is lurking. Your task is therefore to keep an eye on things and pay attention to last-logon times to make sure everything is in order.

Secure your internal machines well: These attacks are usually launched from inside the network. If your network devices are secure, attackers have less chance of compromising hosts inside your network, and that reduces the risk of session hijacking.

2.1.3.4 Conclusion

So far we have introduced three very dangerous types of MITM attack that can have serious consequences if carried out successfully. You should know that with session hijacking, an attacker with bad intent can access a user's online banking account, email or even sensitive applications on the internal network. In the next part of this paper we introduce another dangerous MITM attack, SSL spoofing.

2.2 Types of MITM attack in IPv6

Man in the Middle, commonly known as MITM, is an attack in which the attacker gains a position between the data communications of two parties. This attack is useful for conducting further attacks such as sniffing and hijacking. In IPv4, man in the middle can be carried out in many ways, such as ARP cache poisoning and DHCP spoofing. ARP in IPv6 is replaced by ICMPv6 neighbor discovery, while DHCP can be replaced by a process called stateless auto-configuration. In general, several man-in-the-middle techniques are known for IPv6:

- Man in the middle with spoofed ICMPv6 neighbor advertisement.
- Man in the middle with spoofed ICMPv6 router advertisement.
- Man in the middle using ICMPv6 redirect or ICMPv6 too big to implant routes.
- Man in the middle attacking Mobile IPv6, which requires IPsec to be disabled.
- Man in the middle with a rogue DHCPv6 server.

To limit the scope of this paper, we discuss only the first two methods.

2.2.1 MITM with spoofed ICMPv6 neighbor advertisement

ICMPv6 neighbor discovery requires two ICMPv6 types: ICMPv6 neighbor solicitation (ICMPv6 type 135) and ICMPv6 neighbor advertisement (ICMPv6 type 136). These two play the role of finding the MAC address for an IPv6 address on the network. Figure 4.1 below shows how normal IPv6 discovery works on the network.

Figure 4.1. IPv6 Discovery

In Figure 4.1 above, NS is the ICMPv6 neighbor solicitation and NA is the ICMPv6 neighbor advertisement. Node A wants to contact Node B to exchange data; the steps are as follows:

- Node A discovers the MAC address of Node B by sending an ICMPv6 neighbor solicitation packet to the all-nodes multicast address (FF02::1).
- All nodes on the network, including Node B, receive the ICMPv6 neighbor solicitation.
- Node B receives the ICMPv6 neighbor solicitation and responds to Node A with an ICMPv6 neighbor advertisement with the solicited (S) flag set.
- Node A receives the advertisement and learns that Node B's IPv6 address is at Node B's MAC address.
- With the address successfully resolved, both nodes can communicate and transfer data.

This process is similar to the role of ARP in IPv4. Since the lookup process is not very different from ARP in IPv4, it has a similar weakness that can be used to carry out a man-in-the-middle attack. Figure 4.2 shows IPv6 discovery on the network during a man-in-the-middle attack.

Figure 4.2. Man in the Middle

The following is a brief explanation of the process shown in figure 9 above.

- The attacker sets up his computer with THC parasite6 and enables IPv6 forwarding.
- Node A tries to find Node B's MAC address by sending an ICMPv6 neighbor solicitation to the all-nodes multicast address (FF02::1).
- All nodes on the network, including Node B and the attacker, receive the ICMPv6 neighbor solicitation.
- Node B receives the ICMPv6 neighbor solicitation and responds to Node A with an ICMPv6 neighbor advertisement with the solicited (S) flag set.
- The attacker receives the ICMPv6 neighbor solicitation and responds to Node A with an ICMPv6 neighbor advertisement with the solicited (S) and override (O) flags set.
- Node A receives advertisements from both Node B and the attacker, but because the attacker set the override (O) flag, it overwrites the existing neighbor cache entry on Node A (Network Working Group, 2007).
- Node A is fooled into believing that Node B's IPv6 address is at the attacker's MAC address.
- Node A and Node B can communicate and transfer data, but all traffic from Node A to Node B passes through the attacker.

Now the attacker can conduct further attacks such as intercepting traffic to steal confidential information, filtering traffic, hijacking established TCP connections, and more.

2.2.2 MITM with spoofed ICMPv6 router advertisement

Cc my tnh trn mng th gi cc ICMPv6 solicitation router (ICMPv6 loi133) nhc nh cc b nh tuyn nhanh chng to ra cc advertisement router (Network Working Group, 2007). Cc b nh tuyn p ng vi ICMPv6 advertisement router (ICMPv6 loi 133), trong c tin t mng, la chn, thi gian sng v c autoconfig. Cc my tnh cu hnh bng nh tuyn ca n da trn ICMPv6 router advertisement nhn c t cc b nh tuyn. Hnh 4.3 cho thy qu trnh.

Figure 4.3. Router Advertisement

In Figure 4.3 above, RS is the ICMPv6 router solicitation and RA is the ICMPv6 router advertisement. A brief explanation of the process shown in Figure 8 follows.
- Node A requests a router advertisement by sending an ICMPv6 router solicitation packet to the all-routers multicast address (FF02::2).
- Every router on the network receives this ICMPv6 router solicitation.
- ROUTER receives the ICMPv6 neighbor solicitation packet and responds with an ICMPv6 neighbor advertisement to FF02::1, so all nodes on the network receive it.
- Node A receives the ICMPv6 advertisement from ROUTER, which contains the network prefix, options, lifetime and autoconfiguration flags.
- Node A can configure its routing table based on the router advertisement and add a default gateway entry.

All traffic destined for segments outside the network now flows through the router. The problem is that anyone can claim to be a router and periodically send router advertisements to the network. As a result, anyone can become the default gateway on the network.

Figure 4.4. Man in the Middle

The following explains the process shown in Figure 4.4 above.
- The attacker runs THC fake_router6 on their computer, enables IPv6 forwarding, and configures a default route to ROUTER.
- ROUTER periodically sends ICMPv6 router advertisements to the network, so every host on the network can configure its routing table.
- The attacker sends ICMPv6 router advertisements and announces itself as a router on the network with the highest priority (Hauser, 2011).
- Hosts on the network configure the default gateway in their routing tables to point to the attacker.
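Since any host can send router advertisements, a monitoring point on the segment can compare each RA's source with the routers that are supposed to exist. The following Python sketch is an added example, not part of the original essay: it parses the fixed RA fields and reports advertisements from sources outside an assumed inventory of legitimate routers, including the router preference bits. The function names, the allow-list and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134   # RFC 4861 assigns type 134 to Router Advertisement (133 is the solicitation)
PRF_NAMES = {0: "medium", 1: "high", 2: "reserved", 3: "low"}   # RFC 4191 Prf bits

def parse_ra(icmp):
    """Return the fixed RA fields as a dict, or None if this is not an RA."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        return None
    hop_limit, flags, lifetime = struct.unpack("!BBH", icmp[4:8])
    return {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
            "other": bool(flags & 0x40), "prf": PRF_NAMES[(flags >> 3) & 0x3],
            "lifetime": lifetime}

def check_ra(src, icmp, allowed_routers):
    """Return a list of findings for one RA seen from link-local source src."""
    ra = parse_ra(icmp)
    if ra is None:
        return []
    findings = []
    if ipaddress.IPv6Address(src) not in allowed_routers:
        findings.append(f"RA from unlisted source {src}")
        if ra["lifetime"] > 0:        # non-zero lifetime means "use me as default router"
            findings.append(f"claims default router for {ra['lifetime']}s")
        if ra["prf"] == "high":
            findings.append("requests high router preference")
    return findings

def build_ra(prf_bits, lifetime):
    """Constructed sample RA without options (checksum left at 0)."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, prf_bits << 3, lifetime, 0, 0)

def demo():
    allowed = {ipaddress.IPv6Address("fe80::1")}   # assumed inventory of real routers
    samples = [                                     # constructed observations
        ("fe80::1", build_ra(0, 1800)),
        ("fe80::bad", build_ra(1, 9000)),
    ]
    return [check_ra(src, pkt, allowed) for src, pkt in samples]
```
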

All traffic destined for segments outside the network now flows through the attacker.

To reduce the risk of Man in the Middle or prevent it, there are some new techniques for IPv6, as well as some techniques already used in IPv4. The following are some of the best.
- Monitor neighbor cache entries and build an early-warning mechanism that fires when a suspicious change to the cache occurs.
- Use Secure Neighbor Discovery (SEND) to prevent Man in the Middle attacks, although it may increase the load on your devices because cryptography is required.
- A layer-2 device such as a switch with router advertisement guard (RA guard) is recommended to block harmful RAs (IETF, 2011), although in practice there are currently some techniques that bypass it.
- IPsec on IPv6 mobile devices, which is mandatory by default, prevents Man in the Middle attacks from targeting mobile devices.
- In addition, build a mechanism that gives early warning when a rogue DHCPv6 server is detected. Multiple DHCPv6 servers can help reduce the impact of Man in the Middle.
- It is also recommended to create a static entry for the default gateway address in the neighbor cache.
- Network segmentation such as subnets or VLANs can be used to reduce the risk of Man in the Middle.
- Switch port security and IEEE 802.1X also work in IPv6 networks (Purser, 2010).

Finally, do not forget to subscribe to a security-focused full-disclosure mailing list, so that we get early warning when a new vulnerability related to the IPv6 protocol is found.

3. Appendix

3.1 IPv6 Theory

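IPv4 address space has been exhausted in recent months, and sooner or later IPv6 will be used across the Internet. Using IPv6 will introduce new vulnerabilities, which attackers will exploit to break into networks. These vulnerabilities can arise anywhere from the application level up to the network level.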

There are a number of works on hacking and security in IPv6. Some of them discuss exploiting vulnerabilities remotely, while others discuss the vulnerabilities of IPv6 itself. This essay aims to round out the topic of IPv6 attack and defense. It begins with an overview. It then discusses reconnaissance, enumeration and IPv6 scanning techniques. The next part gives examples of developing remote IPv6 exploitation, followed by exploitation of IPv6 weaknesses. Brief defense techniques are also given at the end of each technique. The approach used gives a nearly complete view of IPv6 network security.

3.1.1 Introduction

According to RFC 791, the Internet Protocol is designed for use in interconnected systems of packet-switched computer communication networks. The Internet Protocol provides for transmitting blocks of data, called packets, from sources to destinations. Source and destination hosts are identified by fixed-length addresses (University Southern California, 1981). Two Internet Protocols have been publicly released, namely Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).

Internet Protocol version 4 (IPv4) is widely deployed as the core of the Internet Protocol (IP). It has a 32-bit address length, which supports 2^32 addresses, or about 4.294 billion addresses. According to Geoff Houston's IPv4 Address Report, IPv4 was exhausted in early 2011 (Houston, 2011). The Internet Assigned Numbers Authority (IANA) exhausted its unallocated IPv4 addresses on 03/02/2011. The regional Internet registries (RIRs) will exhaust their unallocated IPv4 addresses within a few years; one exception is the Asia-Pacific Network Information Centre (APNIC), which exhausted its addresses on 19/04/2011. This exhaustion is entirely due to the rapidly growing number of Internet users. Because of the exhaustion, within the next few years new Internet users will not be able to obtain IPv4 addresses, which means they will not easily be able to connect to the Internet.

Internet Protocol version 6 (IPv6) is the newer version of the Internet Protocol, designed as the successor to Internet Protocol version 4 (Network Working Group, 1998). IPv6 is designed to support the needs of a rapidly growing number of Internet users. An IPv6 address is 128 bits long, so it can support 2^128 addresses, which is about 340 undecillion or 3.4x10^38 addresses. Besides the expanded addressing capability, IPv6 also has other changes that will be discussed.

However, there are some concerns about IPv6 deployment and its security. Some security tools and devices still do not support IPv6, while others that do support IPv6 are configured incorrectly by administrators. As a result, some firewalls and intrusion detection and prevention systems can detect malicious IPv4 traffic, but attackers may be able to bypass those control and detection mechanisms by sending malicious traffic over IPv6. Another concern is that weaknesses in IPv6 can be used by attackers to carry out network attacks against IPv6. Security researchers have published papers and tools for performing penetration tests on IPv6 networks. For example, HD Moore published his paper in volume 10 of the Uninformed journal in 2008 (Moore, 2008), while Van Hauser of THC (The Hacker's Choice) released a complete toolkit for penetration testing against IPv6 weaknesses in 2006 (THC, 2006).

3.1.2 IPv6 Overview

IPv6 was first introduced in 1998 by the Internet Engineering Task Force (IETF) as the intended replacement for IPv4. The standard specification for IPv6 is in the draft RFC 2460 (Network Working Group, 1998). Based on that draft, the IPv6 header is shown in the following figure.

Figure A.1. IPv6 Packet Header

The fields of the IPv6 packet header are described below.
- Version: this field is 4 bits (0.5 byte); it indicates the protocol version and has the value 6.
- Traffic Class: this field is 8 bits (1 byte); it is used by sources and routers to identify packets that belong to the same traffic class. It therefore distinguishes one packet from others based on priority.
- Flow Label: this field is 20 bits (2.5 bytes) and is used as a label for data flows.
- Payload Length: this field is 16 bits (2 bytes) and indicates the length of the packet payload.
- Next Header: this field is 8 bits (1 byte) and indicates the type of header immediately following the IPv6 header.
- Hop Limit: this field is 8 bits (1 byte) and is decremented by one by each node that forwards the packet. When the hop limit reaches zero, the packet is discarded.
- Source Address: this field is 128 bits (16 bytes) and indicates the origin of the packet.
- Destination Address: this field is 128 bits (16 bytes) and indicates the destination of the packet.

The total length of the IPv6 packet header is 320 bits, which equals 40 bytes. IPv6 has three types of addressing model, namely anycast, unicast and multicast. IPv6 does not support broadcast addresses as IPv4 does. Table 1 below shows the specific uses of IPv6 addresses based on RFC 3513 (Network Working Group 2003), which explains the IPv6 addressing architecture.

Anycast addresses can be taken from any unicast address and cannot be distinguished from unicast addresses by syntax or notation. RFC 3513, section 2.7.1, lists a number of predefined multicast addresses. Some of them are shown below.
- FF01::1: represents all interface-local IPv6 hosts
- FF02::1: represents all link-local IPv6 hosts
- FF05::1: represents all site-local IPv6 hosts
- FF01::2: represents all interface-local IPv6 routers
- FF02::2: represents all link-local IPv6 routers
- FF02::5: represents all site-local IPv6 routers

RFC 3513 also specifies the use of the modified EUI-64 identifier as part of the IPv6 addressing model. EUI-64 is a network interface identifier defined by the IEEE. An IEEE EUI-64 can be derived from the 48 bits of the network interface's MAC address. For example, a MAC address written as UU:VV:WW:XX:YY:ZZ can be written in 48 bits as

cccccc0gcccccccc ccccccccmmmmmmmm mmmmmmmmmmmmmmmm

where c are the bits of the assigned company_id, 0 is the value of the universal/local bit indicating global scope, g is the individual/group bit, and m are the bits of the manufacturer-selected extension identifier. To create the interface identifier for IPv6, invert the universal/local bit and insert 11111111 11111110 between c and m. The interface identifier is therefore as follows.

cccccc1gcccccccc cccccccc11111111 11111110mmmmmmmm mmmmmmmmmmmmmmmm

A network interface with the MAC address 00:8C:A0:C2:71:35 can be converted to an interface identifier as shown below.

00:8C:A0:C2:71:35 (MAC address)
00000000 10001100 10100000 11000010 01110001 00110101
00000010 10001100 10100000 11111111 11111110 11000010 01110001 00110101
028C:A0FF:FEC2:7135 (interface identifier)

Knowledge of IPv6 subnetting is also important. A refresher on this can be found in the Microsoft TechNet documentation (Davis, 2004). According to that documentation, IPv6 subnetting requires a two-step procedure, namely:
- Determine the number of bits to be used for IPv6 subnetting.
- Enumerate the new subnetted network prefixes.

For example, the IPv6 network prefix 2406:A000:F0FF:4000::/50 is to be divided using 4-bit subnetting. The explanation is as follows:
- The number of bits used for subnetting, denoted s, has the value 4, so s = 4.
- The current network prefix length, denoted m, has the value 50, so m = 50.
- The number of bits in the subnet ID that are already fixed, denoted f, has the formula f = m - 48; therefore f = 50 - 48, so f = 2.
- The new network prefix length, denoted P, has the formula P = m + s; therefore P = 50 + 4, so P = 54.
- The number of network prefixes after subnetting, denoted n, has the formula

The starting value of the new network prefix, denoted F, is the result of a Boolean AND operation between the IPv6 address and the current network prefix in binary form. The explanation is as follows:

IPv6: 2406:A000:F0FF:0100000000000000
50-bit: FFFF:FFFF:FFFF:1100000000000000 48-bit
AND: 2406:A000:F0FF:0100000000000000

F is the bits from 49 to 64, so F is 0100000000000000, which equals 0x4000 in hexadecimal form. The increment between new network addresses, denoted i, is the result of a calculation based on the formula

in decimal, or 0x400 in hexadecimal form. Table 2 shows the new IPv6 network prefixes after the calculation. Several websites provide IPv6 subnetting calculators. One of them is http://subnetonline.com/.
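The EUI-64 conversion and the subnetting procedure above can be checked mechanically. The following Python sketch is an added example, not part of the original essay: it derives the interface identifier from a MAC address and computes the quantities f, P, n, F and i named in the text for a given prefix and number of subnetting bits, using the essay's own sample values. The function names are chosen here for illustration.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier derived from a 48-bit MAC address."""
    octets = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                                # invert the universal/local bit
    eui = octets[:3] + b"\xff\xfe" + octets[3:]      # insert FFFE between c and m bits
    return ":".join(eui[i:i + 2].hex().upper() for i in range(0, 8, 2))

def subnet_plan(prefix, s):
    """Split prefix using s subnetting bits and return the values used in the text."""
    net = ipaddress.IPv6Network(prefix)
    m = net.prefixlen
    if m < 48 or m + s > 64:
        raise ValueError("subnet ID bits must lie between bit 49 and bit 64")
    subnets = list(net.subnets(prefixlen_diff=s))
    return {
        "f": m - 48,                                      # fixed bits in the subnet ID
        "P": m + s,                                       # new prefix length
        "n": len(subnets),                                # 2**s new prefixes
        "F": (int(net.network_address) >> 64) & 0xFFFF,   # bits 49..64 of the prefix
        "i": 1 << (64 - (m + s)),                         # step between subnet IDs
        "subnets": [str(x) for x in subnets],
    }

def demo():
    # Values taken from the worked examples in the text above.
    ident = eui64_interface_id("00:8C:A0:C2:71:35")
    plan = subnet_plan("2406:A000:F0FF:4000::/50", 4)
    return ident, plan
```
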

4. REFERENCES:

[1] http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.html
[2] http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html
[3] http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part3.html
[4] http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html
[5] A Complete Guide on IPv6 Attack and Defense, Atik Pilihanto, November 21, 2011
[6] Research and demonstration of how to detect sniffer attacks in a LAN, ww.athena.edu.vn

Ho Chi Minh, 10/2012

Group:

Students:

Phan Minh Nht(10140017)

Phan Xun Hnh(12140017)

SVTH: Phan Minh Nht

Trn i Thng

Nguyn nh Vin
