Supervisor (GVHD):
Students (SVTH):
1. MSSV: 0951150005
2. MSSV: 0951150006
TP.HCM, 20 ...
TOPIC: DOS ATTACK
PART I: OVERVIEW OF ATTACKS
Page
I. Attack incidents 4
II. ... and attacks
III. 7
PART II:
I. What is a DoS attack? 12
II. DoS attack types 14
III. 23
PART III: ... DOS
I. DoS 27
II.
III. 34
PART IV: ... DOS
PART I: OVERVIEW OF ATTACKS
I. ATTACK INCIDENTS
1. Security incident ...
VietNamNet hit by a DDoS attack of massive volume
http://vietnamnet.vn
"Hacktivism" on the rise
Hacktivism is ... hacker groups ...
http://nhipsongso.tuoitre.vn/Index.aspx?ArticleID=471121&ChannelID=16
http://nhipsongso.tuoitre.vn/Index.aspx?ArticleID=472082&ChannelID=165
2. A company providing security solutions to the US government is attacked
In January ...
hbgaryfederal.com
3. Famous DDoS attacks in history
- Return to Castle Wolfenstein, Halo, Counter-Strike
- Visa.com
- ... and DDoS.
II. ATTACKS
... legal, procedural and security ...
There are reasons why individuals or businesses ... attacks are carried out ... with the aim of ... money ...
... unauthorized ... user accounts and ... for ... and ... for financial ..., direct or indirect ...
... illegal acts ... gaining access to the ... and the ... consuming resources and bandwidth.
III.
1. Insiders ("Tay trong")
2. ... risk ...
3.
4.
5. ...ess access- ...
6.
7.
8. ... spyware, viruses, trojans...
9. Email ...
10. ...
11. Some ...
12. Weaknesses in security: technology weaknesses, configuration weaknesses and policy weaknesses.
12.1) Technology weaknesses: ... hardware.
12.1.1) TCP/IP weaknesses: ... IP ... IP spoofing, man-in-the-middle and session replay.
12.1.2) Operating System weaknesses:
12.1.3) Network equipment weaknesses:
12.2) Configuration weaknesses: ...
12.2.1) Unsecured user account: ...
12.2.2) System account with easily guessed password: ...
12.2.3) Misconfigured Internet services: ...
12.2.4) Unsecured default settings in product: this makes attacks ... easier ...
12.2.5) Misconfigured Network Equipment:
12.3) Policy weaknesses:
I. INTRODUCTION TO DOS
1. Concept
A Denial of Service attack (tấn công từ chối dịch vụ) is an attack ... In this attack, the computer ... the Internet is ... attacks a computer ...
In a DoS attack, the hacker takes up resources on the server (the resources may be bandwidth, CPU, ...) so that the server has no way to serve requests from other machines (the machines of normal users), and the server may quickly stop responding, crash or reboot.
2. Goals of a DoS attack
Attempt to seize network bandwidth and flood the network; the network will then be unable to provide its other services to normal users.
Attempt to break the connection between two machines and block access to a service.
Attempt to block specific users from a given service.
Attempt to block services so that nobody else can access them.
When a DoS attack occurs, the user experiences, when accessing ...:
+ Disable Network - ...
+ Disable Organization - ...
+ Financial Loss - financial ...
3. Targets an attacker typically goes after with a DoS attack
As discussed above, a DoS attack occurs when the attacker ... resources and prevents normal users ... The resources they attack are:
Creating scarcity and ... of resources: network bandwidth (Network Bandwidth), memory, ... and CPU Time or data structures are all targets of a DoS attack.
Attacking other systems that support the computer network, such as the air-conditioning system, the power system, the cooling system and many other resources of the business. Imagine whether users could still reach a web server once its power supply is cut.
Destroying or altering configuration information.
Destroying the physical layer or network devices such as the power supply, air conditioning ...
4. Signs of a DoS attack
Network performance is noticeably very slow.
A website cannot be used.
No website can be accessed.
II. TYPES OF DOS ATTACK
1. Winnuke
Figure 2.1
This DoS attack only applies to computers running Windows 9x. The hacker sends packets carrying "Out of Band" data to port 139 of the target computer (port 139 is the NetBIOS port, which accepts packets with the Out of Band flag set). When the victim's computer receives these packets, a blue screen error appears, because the Windows program receives the packets but does not know how to react to the Out Of Band data, and the system crashes.
2. Ping of Death
3. Teardrop
Figure 2.3
As we know, data sent across the network from the source system to the destination system goes through 2 processes: at the source it is split into fragments, each carrying an offset value that identifies the fragment's position within the packet; when the fragments reach the destination, the destination uses the offset values to reassemble them in their original order. Exploiting this, one only needs to send the destination a series of packets whose offset values overlap one another. The destination has no way to reassemble these packets; it loses control and may crash, reboot or stop working if the number of packets with overlapping offset values is too large!
4. SYN Attack
Figure 2.4: SYN attack model (diagram labels: Client and Server exchanging SYN, SYN/ACK, ACK; Attacker/Agent, malicious TCP client, victim TCP server; "SYN packet with a deliberately fraudulent (spoofed) source IP return address"; TCP client port 1024-65535, TCP server service port 1-1023, port 80)
In a SYN Attack, the hacker sends the target a series of SYN packets whose source IP addresses do not exist. When the target receives these SYN packets, it replies to the nonexistent addresses and waits for a response from them. Because the IP addresses are not real, the target waits in vain and also keeps these pending requests in memory, wasting a considerable amount of memory on the server that should be used for other work instead of waiting for replies that never come. If many packets with fake IP addresses are sent at once, this process can crash or reboot the computer.
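As an added defender-side example (not part of the original report), the following Python snippet shows how the backlog described above can be detected from connection records: SYNs that are never followed by an ACK from the same source accumulate per listener. The packet records are constructed here; real tooling would take them from a capture.

```python
# Added example, not from the original report: count half-open TCP
# connections per listener to spot the backlog a SYN flood leaves behind.
from collections import defaultdict

# Constructed sample records: (src_ip, dst_ip, dst_port, client_flag).
# "S" is the client's SYN, "A" the final ACK of the three-way handshake.
# Two real clients complete the handshake; 40 spoofed sources never ACK,
# because the server's SYN/ACK went to addresses that do not exist.
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.0.2.10", 80, "S"),
    ("10.0.0.5", "192.0.2.10", 80, "A"),
    ("10.0.0.6", "192.0.2.10", 80, "S"),
    ("10.0.0.6", "192.0.2.10", 80, "A"),
] + [("203.0.113.%d" % i, "192.0.2.10", 80, "S") for i in range(1, 41)]


def half_open_counts(packets):
    """Return {(dst_ip, dst_port): number of sources whose SYN got no ACK}."""
    pending = defaultdict(set)  # listener -> sources still awaiting their ACK
    for src, dst, port, flag in packets:
        key = (dst, port)
        if flag == "S":
            pending[key].add(src)
        elif flag == "A":
            pending[key].discard(src)
    return {key: len(srcs) for key, srcs in pending.items()}


def syn_flood_alerts(packets, max_half_open=20):
    """List (dst_ip, dst_port, half_open) for listeners over the threshold."""
    return [(ip, port, n)
            for (ip, port), n in half_open_counts(packets).items()
            if n > max_half_open]


if __name__ == "__main__":
    for ip, port, n in syn_flood_alerts(SAMPLE_PACKETS):
        print("possible SYN flood against %s:%d (%d half-open)" % (ip, port, n))
```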
5. Land Attack
Figure 2.5: Land Attack model
A Land Attack is similar to a SYN Attack, but instead of using nonexistent IP addresses, the hacker uses the victim's own IP address. This creates an endless loop within the victim system itself: one side needs a reply while the other side never sends that reply. ==> the system stops working.
6. Smurf Attack
In a Smurf Attack there are three components: the hacker (who launches the attack), the amplifier network (which listens to the hacker) and the victim. The hacker sends ICMP packets to the broadcast address of the amplifier network; the special point is that the source IP address of these ICMP packets is the victim's IP address. When the packets reach the broadcast address, the computers in the amplifier network believe the victim sent them the ICMP packets, and they all reply to the victim with ICMP packets. The victim cannot cope with the huge volume of these packets and quickly stops working, crashes or reboots.
Thus sending only a small number of ICMP packets makes the amplifier network multiply the number of ICMP packets many times over; the amplification ratio depends on the number of computers in the amplifier network. The hackers' task is to get hold of as many networks or routers as possible that forward packets to the broadcast address without passing through source-address filtering at the egress. With these systems, the hacker can carry out a Smurf Attack on the targets. ==> the system stops working.
7. Fraggle Attack
Figure 2.7: ... model
... target.
8. UDP Flooding
Figure 2.8
The UDP attack method requires 2 machines to take part. The hacker makes his own system enter a loop of exchanging data over the UDP protocol, and spoofs the source IP address of the packets as the loopback address (127.0.0.1), sending them to the victim on the UDP echo port (7). The victim replies to the messages it believes came from 127.0.0.1 (itself), so it loops endlessly. However, many systems do not allow the loopback address, so the hacker instead spoofs the IP address of some computer on the victim's network and floods the victim system with UDP. If this does not succeed, it is the hacker's own machine that ...
9. DNS attack
The hacker can alter an entry on the victim's Domain Name Server so that it points to a website of the hacker's choosing. When a client asks the DNS to resolve the compromised name into an IP address, the DNS (whose cache the hacker has altered) returns the IP address the hacker pointed it to. As a result, instead of reaching the site they intended, the victims land on a web page created by the hacker himself. A truly effective way to attack!
10. Distributed DoS Attacks (DDoS)
Attacker: the one who launches the attack.
Handler: a computer ... controlled by the Attacker.
Zombie: a computer ... controlled by the Handler.
Victim: the target of the attack.
Figure 2.10: DDoS attack model
DDoS requires at least several hackers taking part. First the hackers try to break into poorly secured computer networks, then install the DDoS server program on these systems. The hackers then agree on a time at which they use the DDoS client to connect to the DDoS servers and order all of them to launch a DDoS attack on the victim.
11. The Distributed Reflection Denial of Service Attack (DRDoS)
This is probably the most effective attack and the one that reboots the victim's computer fastest. The method is similar to DDoS, but instead of attacking from many computers, the attacker uses one machine and attacks through the large servers of the world. Still spoofing the victim's IP address, the attacker sends packets to the strongest, fastest servers with the widest links, such as Yahoo, etc.; these servers reply to the packets at the victim's address.
Receiving a flood of packets through these large servers at once quickly saturates the victim's link and crashes or reboots the victim's computer. The strength of this attack is that a single machine with an ordinary Internet connection can knock out a system with the best link in the world if we do not stop it in time. Our HVA website was also DoSed by this attack method.
Figure 2.10: DRDoS attack model
III.
1. DoSHTTP + Sprut:
Figure 3.1: the DoSHTTP and Sprut tools
2. LOIC
Figure 3.2: the LOIC tool interface
LOIC is a denial-of-service attack application written in C#. LOIC performs a denial-of-service attack (or, when used by many individuals, a DDoS attack) on a target website by flooding the server with TCP or UDP packets with the intention of disrupting the service of a specific server. The LOIC tool is a voluntary botnet that connects to a remote server which directs the attacks. Currently, 40,000 people are connected to the botnet.
3. UDP Flood
Figure 3.3
4. rDoS
When using it you must be careful, otherwise your own computer will automatically launch a DoS attack on itself when you turn it on ... To check, use Wireshark and you will clearly see ...
I.
1. Detection techniques
...
1.1 Activity profiling
... between clusters. ... a clear increase in clusters (DDoS attack).
1.2 Wavelet analysis
1.3 Sequential change-point detection
... time.
2. DoS countermeasure strategies
Absorb the attack: use capacity to absorb the attack; this requires planning.
Degrade services: identify critical services and stop the non-critical ones.
Shut down services: shut down all services until the attack subsides.
3. DoS attack countermeasures
3.1 Protecting secondary victims
Install anti-virus and anti-Trojan software and keep it updated.
Awareness of security issues and techniques ... used ... for all sources on the internet.
Turn off unnecessary services, remove unused applications, and scan all files received from external sources.
Regularly update the configuration and build defenses into the core of the system's hardware and software.
3.2 Detecting attacks
Ingress filtering: protects against flood attacks ... originating from valid address prefixes, and makes it possible to trace back to the true source.
Egress filtering: scans the headers of IP packets leaving a network, ensuring that unauthorized or malicious traffic does not leave the network for the outside.
TCP intercept: configure ... to defend against attacks by intercepting and validating TCP connection requests.
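As an added example (not the report's own material) of the ingress and egress filtering described in this section, the following Python function applies both rules at a network border: packets arriving from outside must not claim one of our own addresses (nor the loopback address, as in the UDP flooding case above), and packets leaving must carry a source address we actually own; the Land-attack check (source equals destination) is included as well. The internal prefix 192.0.2.0/24 and the sample traffic are constructed.

```python
# Added example, not from the original report: ingress/egress source-address
# filtering at a network border, plus the Land-attack check (src == dst).
import ipaddress

# Constructed: the address block this border router is responsible for.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")


def check_packet(src, dst, direction, internal=INTERNAL):
    """Return (True, "pass") or (False, reason).

    direction: "in"  = packet arriving from the Internet (ingress filter)
               "out" = packet leaving our network        (egress filter)
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s == d:
        return False, "source equals destination (Land-style packet)"
    if direction == "in":
        if s in internal:
            return False, "ingress: outside packet claims an internal source"
        if s.is_loopback:
            return False, "ingress: loopback source from outside"
    elif direction == "out":
        if s not in internal:
            return False, "egress: source address not in our prefix (spoofed)"
    else:
        raise ValueError("direction must be 'in' or 'out'")
    return True, "pass"


# Constructed sample traffic: (src, dst, direction).
SAMPLE = [
    ("203.0.113.7", "192.0.2.10", "in"),     # ordinary inbound client
    ("192.0.2.44", "192.0.2.10", "in"),      # spoofed internal source (Smurf/SYN style)
    ("127.0.0.1", "192.0.2.10", "in"),       # loopback spoof (UDP flooding case)
    ("192.0.2.10", "192.0.2.10", "in"),      # Land attack
    ("192.0.2.10", "203.0.113.7", "out"),    # ordinary outbound reply
    ("198.51.100.9", "203.0.113.7", "out"),  # inside host spoofing someone else
]


def filter_traffic(packets):
    """Return the packets that pass; dropped ones are reported on stdout."""
    passed = []
    for src, dst, direction in packets:
        ok, reason = check_packet(src, dst, direction)
        if ok:
            passed.append((src, dst, direction))
        else:
            print("drop %s -> %s (%s): %s" % (src, dst, direction, reason))
    return passed
```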
3.3 Deflecting attacks
Systems set up with limited security act as a lure for the attacker.
They serve the attacker while keeping a record of activity, learning the attack type and the software tools the attacker uses.
Use a defense-in-depth approach with IPSec at each different network, diverting traffic to the honeypot.
3.4 Mitigating attacks
Load balancing:
o Providers ... on critical connections ... prevent and reduce the effect of attacks.
o Replicating servers can provide additional protection.
o Load balancing each server in a multi-server architecture can improve network performance ... during a DoS attack.
Throttling:
o Set how routers access a server, with logic that throttles ... to a level the server can process.
o This can ... prevent flood damage to the server.
o It can be extended to throttle the attack traffic ... so that legitimate user traffic gets better results ...
3.5 Legal measures
... identifying the source of the DoS attack. Although the attacker usually spoofs the source address, IP traceback with the immediate help of the ISP and law enforcement agencies can allow the perpetrators to be caught.
Network analysis: data can be analyzed after the attack to look for the specific characteristics of the attack.
A DoS attack network can ... help network administrators develop filtering techniques ...
Using ..., the data can update the load-balancing and throttling countermeasures.
4. DoS protection
4.1 At the ISP level
4.2 The IntelliGuard protection system
IntelliGuard ...
II. DOS PROTECTION TOOLS
1. NetFlow Analyzer
Figure 2.1: the NetFlow Analyzer tool
2. Other tools
D-Guard Anti-DDoS Firewall
D-Guard Anti-DDoS Firewall provides the most complete and fastest DDoS protection for online businesses, telecommunications services, essential public infrastructure and Internet service providers. As a professional Anti-DDoS Firewall, D-Guard can protect against most kinds of attack, including DoS/DDoS, Super DDoS, DrDoS, fragment attacks, all variants ..., random UDP flooding attacks, ICMP and IGMP attacks, ARP Spoofing, HTTP Proxy attacks, CC Flooding attacks, CC Proxy ...
D-Guard Anti-DDoS Firewall takes a higher-level approach to mitigating DDoS attacks, with a design that focuses on passing legitimate traffic rather than on discarding attack traffic, handling worst-case attack scenarios without loss of performance.
Figure 2.2.1: the D-Guard Anti-DDoS Firewall tool
FortGuard Firewall
FortGuard Firewall - a solution for defending against DDoS attacks with the highest accuracy and performance...
FortGuard Firewall is a lightweight Anti-DDoS firewall with a built-in Intrusion Prevention System. It can protect your computer against DDoS attacks with the highest accuracy and performance. FortGuard Firewall can defend against SYN, TCP Flooding and other kinds of DDoS attack and handle attack packets in real time. It can disable/enable proxy access for each application and can ... 2000 kinds of hacker activity.
Figure 2.2.2: the FortGuard Firewall tool
III. DOS PENETRATION TESTING
1. Test the web server with automated tools such as Web Application Stress (WAS) and JMeter for load capacity, server performance, locking, and ... that arise.
2. Scan the system with automated tools such as ... to discover any system vulnerable to DoS attack.
3. Flood the target with connection request packets using the Trin00, Tribe Flood and TFN2K tools.
4. A port flooding attack ... is used to keep all connection requests pending and clog the port. Use tools such as ... to automatically flood ports.
5. Use the Mail Bomber, Attache Bomber and Advanced Mail Bomber tools to send a large volume of mail to the target mail server.
6. Fill forms with arbitrary, lengthy content to flood the website.
PART IV: ... DOS
1. Ping of Death Attack
In the operating system we can use ping IP -t -l ... to ping a destination continuously.
If we want to open 20 ping windows at once, we can combine this with the command For /L %i in (1,1,20) do start ping 192.168.1.254 -t -l 36000, which opens 20 ping windows at once, pinging IP 192.168.1.254 continuously.
(Wireshark capture while under an ICMP flood from a Ping of Death attack)
The ICMP attack is the most basic kind of attack and very easy to carry out. Poorly configured routers are very easy to attack and hang quickly.
2. Syn Flood Attack
... carry out ... determine which hosts currently have port 80 ... using the Nmap tool.
Assuming the current public IP has the form ..., the command nmap -sS -p 80 118.68.226.1/24 scans ...
We run the scan and write the output to the file scan_adsl.txt.
Check the contents of scan_adsl.txt and pick one IP with which to continue the lab.