BO• GIAO DUC v A"BAO TAO • • TRUONG BHDL NGOAI • NGU - TIN HOC • TP.HCM KHOA CONG NGHE• THONG TIN - KHOA LuAN TOT NGHIEP • • " J ~ _ J: ~ J:." " TIM HIEU MOT SO KIEU TAN CONG TREN • MANGINTERNET • '" '.1 , 'I' - • • • '" • J & • ••• ,/ t t ~.~: ' ," \ ," ,, - ' \:." / , / , I ' • GIANG VIEN HV6NG DAN: THA Y D~NG TRUONG SON SINH VIEN THVC HIBN: D~NG PH~M PHUC DUY - 0611180 NGUYEN HOANG Quac PHONG - 0611235 TP.HO CHi MINH - 2010 \ MOt s6 kiSu t&1 cong tren m?llg MonAu Hi~n nay, cong ngh~ thong tin dang phat triSn cang m~;mhme Nhu c~u Slr d\mg m~mg dai s6ng hang la r~t cao, uu diSm cua m~ng may tinh dil dugc thS hi~n kha ro mQi llnh V\fC cua cuOc s6ng 86 chinh la S\f trao d6i, chia se, luu tru va bao v~ thong tin Nhung li~u tham gia VaG hm;lt dOng tren m(;1ngthong tin cua chung ta c6 th\fc S\f an toan, d6 la diu hoi rna nhiSu nguai thuang xuyen d?t va di tim lai giai dap Ben c(;1nhnSn tang m(;1ngmay tinh huu tuy~n, m(;1ngmay tinh khong day til dai dil thS hi~n nhiSu uu diSm n6i b?t vS dO linh hO(;1t,tinh gian dan, kha nang ti~n d\lng Do d?c diSm trao d6i thong tin khong gian truySn s6ng nen kha nang thong tin bi ro ri ngoai la diSu dS hiSu N~u chung ta khong kh~c ph\lc nhfrng diSm y~u thi moi truang m(;1ngse tr6 mOt manh d~t mau rna cho nhung hacker xam nh?p, gay S\)'th~t thoat thong tin, tiSn b~c Do d6 bao m?t m~ng dang la mOt v~n dS n6ng bong hi~n 86 an chung em se mieu ta cac cach thuc t~n cong t6ng quat tren m(;1ngva tim hiSu cac cach t~n cong d?c thu VaG m~ng khong day Qua d6 giup chung ta bi~t cach phong ch6ng nhung nguy ca tiSm fin tham gia trao d6i thong tin tren m(;1ng Chung em dt cam an S\f huang dfin nhi~t tinh cua th~y 8?ng Truang Son va xin tran trQng cam an quy Th~y Co khoa Cong Ngh~ Thong Tin truang 8(;1iHQc Ngo(;1iNgu Tin HQc Tp H6 Chi Minh dil t?n tinh giang d~y, truySn d(;1t nhung ki~n thuc quy bau su6t thai gian qua lam nSn tang va t(;10diSu ki~n cho chung em hoan bai bao cao M?c dti dil n6 h,rc h~t suc minh, song ch~c ch~n bai bao cao khong tranh khoi nhiSu thi~u s6t Chung em r~t mong nh?n dugc S\f chi bao t?n tinh cua quy Th~y Co va cac b(;1n Tp.HCM, 22 thang nam 2010 8?ng Ph(;1mPhuc Duy- NguySn Hoang Qu6c Phong MQt s6 kiSu tftn cong tren m~mg • NOI DUNG • BAo cAo Chu'o'ng l.Gi6i thi~u: T6ng quan vS tinh hinh an ninh m,;mg nhu'ng nam g~n day, Cac kiSu tftn cong ph6 bien tren m~mg,d6ng thai neu len mvc dich, nQi dung va y nghia cua bao cao Chuo'ng 2.Cac ki~u tAn cong tren m~ng: Trinh bay cac kiSu tftn cong thong dVng tren m~ng hi~n nhu: Sniff, lua dao tr\l'c tuyen (Phishing), SQL Injection, tftn cong tu ch6i dich vv Cac phuong phap phong ch6ng cac kiSu tftn congo Chuo'ng 3.M~ng khong day: T6ng quan vS Wireless, WLAN, cac cong ngh~ WLAN Cac mo hinh m~ng WLAN, d6ng thai cung cho thfty Uti va nhuqc diSm cua WLAN Chuo'ng 4.Bao m~t m~ng khong day: T6ng quan vS cach thuc rna h6a truySn d~n WLAN Nguyen ly ho~t dQng, Uti nhuqc diSm cua cac phuong thuc bao m?t cho m~ng khong day Chu'o'ng 5.TAn cong m~ng khong day: Trinh bay mQt s6 kiSu tftn cong d~c thu tren m~ng khong day, va cach phong ch6ng cac kiSu tftn cong d6 Chu'o'ng 6.Demo: Mo Ph6ng qua trinh tftn cong lfty m?t khftu cua m~ng khong day duqc bao m?t b~ng WEP Sau d6 tien hanh tftn cong Man In Middle Attack ket hqp vai Phishing m~ng chiem lfty tai khoan truy nh?p website cua nguai dung ChuO'ng 7.TAng k~t: Neu len nhfrng Uti nhuqc diSm cua dS tai cung nhu dua huang phat triSn cho dS tai thai gian s~p tai MQt s6 kiSu tftn cong tren m,;mg MUCLUC • • - , CHUON G 1: G 101 THI~U 1.1 1.,2 T6ng quan tinh hinh an ninh m~mg nhfrng nam g~n day " pOlen h" b' / t"ren m~mg may , t'Inh leu t/ an cong C'ac k'" 1.3 M\lc tieu cua bao cao CHUONG 2: MOT 2.1 Ky thu?t 2.1.1 SO KIEU 10 12 TAN CONG TREN M~NG b~t gai tin dung Sniff 13 13 Cac lo~i Sniff va co chS ho~t dQng 13 2.1.2 Cach phat hi~n Sniff 14 2.1.3 Cach phong ch6ng Sniff 15 2.1.4 T6ng kSt Sniff 16 2.2 Phishing 17 2.2.1 Co chS ho~t dQng 17 2.2.2 Cach phong phong ch6ng 18 2.2.3 T6ng kSt Phi shing 21 2.3 22 SQL injection 2.3.1 D~ng tftn cong vuqt qua kiSm tra dang nh?p 24 2.3.2 D~ng tftn cong Slr d\lng cau l~nh SELECT 26 2.3.4 D~ng tftn cong Slr d\lng cau l~nh INSERT 27 2.3.5 D~ng tftn cong Slr d\lng stored-procedures 27 2.3.6 Cach phong ch6ng sql injection 28 2.4 Tftn cong tu ch6i dich v\l 2.4.1 29 30 SYN Attack 2.4.2 Flood Attack 33 2.4.3 Tftn cong tu ch6i dich V\l kiSu phan tan-DDdos 33 2.4.4 Tftn cong tu ch6i dich V\l phan x~ nhiSu vung DRDOS 35 '- M(>t s6 kiSu tAn cong tren rn~g 2.4.5 T6ng kSt tAn cong dich V\! CHUaNG 36 3: CONG NGH:E:M~NG KHONG DAy 38 3.1 Gi6i thi~u vS Wireless 38 3.2 Cac t6 chuc chinh va kenh truySn song rn,;mg Wireless 38 3.3 40 Cac chu~n Wireless 3.3.1 Cac chu~n clla 802.11 40 3.3.1.1 Nhorn lap V?t ly PHY 41 3.3.1.2 Nhorn lien kSt dfr li~u MAC 42 3.3.2 Gi6i thi~u rn(>ts6 cong ngh~ rn,;mg khong day 43 3.4 Gi6i thi~u Wireless Lan 45 3.4.1 Lich Slr dai 45 3.4.2 Uu diSrn clla WLAN 47 3.4.3 Nhuqc diSrn clla WLAN 47 3.4.4 Cac rno hinh rn,;mg WLAN 48 3.4.5 Cac thiSt bi ph\! trq WLAN 50 3.4.6 WireLess Access Point 50 3.4.7 Mo hinh thlJc tS clla rn~ng WLAN 52 3.4.8 M(>t s6 co chS trao d6i thong tin WLAN 53 3.5 T 6ng kSt ch u'ong CHUaNG 4: BAa M~ T M~NG KHONG DAy 54 56 4.1 Cach thuc tiSn hanh bao rn?t cho WLAN 56 4.2 Co chS chung thlJc 57 4.2.1 Nguyen ly RADIUS SERVER 57 4.2.2 59 4.3 Giao thuc chung thlJc rna r(>ng EAP T6ng quan vS rna hoa 61 4.3.1 M?t rna dong 61 4.3.2 62 4.4 M?t rna kh6i Cac phuong thuc bao rn?t WLAN 4.4.1 Bao rn?t b~ng WEP 65 65 M(>ts6 kieu tAncong tren m~ng 4A.l.Uu 404.2 va nhuqc diem cua WEP 70 Bao m?t b~ng WPAlWPA2 71 40404 Bao m?t b~ng TKIP 73 404.5 Bao m?t b~ng AES 73 404.6 L9C (Filtering) 4.5 , 74 4.4.6.1 L9C SSID 74 404.6.2 L9C dia chi MAC 75 4.4.6.3 L9C giao thuc 76 T&ngkSt chuang CHU'ONG 5: MQT 78 s6 KIEU TAN CONG TRONG WLAN 79 5.1 Sv khac giua t~n cong m~ng co day va khong day 79 5.2 T~n cong bi d(>ng(Passive attack) 79 5.2.1 Phuang thuc b~t goi tin (Sniffing) 81 5.3 T~n cong chu d(>ng(Active Attack) 82 5.3.1 M~o danh truy C?Ptrai phep 84 5.3.2 T~n cong tu ch6i dich v\l-DOS 84 5.3.3 T~n cong cu5ng do~t diSu khien va sua d&ithong tin 87 Do m?t khc s6ng £>6 chfnh 1a SlJ trao a6i, chia se, lUll tru va bao v~ thong tin Do 06 m?ng may tfnh aa tr6' mi~ng m6i ngon cho nhung hacker xam nh?p nhu chi~m aO?t thong tin gay &ian aO?n th~ng ti~ 1iep l?c Tinh hinh an ninh m?ng nhung nfuTIgan aay chuyen bien rat phuc t?P, v6i SlJxu~t hi~n cua cac 10?i hinh cli Ifill m6i: - - - - Trojans chi~rn tm hO'n rnQt nira s6 rna dQc rnm: vfin ti~p t\lC xu th~ gfin aay, lll:ra afiu nam 2009, Trojans chi~m t6i 55% t6ng s6 1uqng rna a(>c m6i, tang 9% so v6i mia afiu nam 2008 Trojans aanh c~p thong tin 1a lo?i rna a(>c ph6 bi~n nh~t GAn rnQt nu'a s6 16 hAng an ninh vin chua duQ'c va: Gi6ng v6i cu6i nam 2008, gfin m(>tlll:ra (49%) t6ng s6 16 h6ng an ninh auQ'c cong b6 lll:ra afiu nam 2009 vfin chua c6 cac bfm va nha cung c~p phat hanh ( Tfnh a~n k~t thuc giai ao';U1nghien Clru,) Ma Cl}'CdQc Conficker: Kh6'i afiu thang 12 nam 2008 va phat triSn m?nh vao thang nam 2009, Conficker aa gay tr6' ng?i cho cac nha nghien cU'U an ninh va gay SlJ hoang mang cho c(>ng a6ng nguai dung may tfnh H?u qua aa minh chung cho SlJ tinh vi va phuc t?P cua cac t(>i ph?m m?ng, Theo th6ng ke, Vi~t Nam aung thu nam va Indonesia aUng thu tam cac nu6c c6 tY 1~may tfnh nhi~m 10?i rna a(>c URL sparn vin ti~p tl}c du'ng dAu, nhung sparn hinh anh cong dang quay trO' I~i: Sau gfin nhu bi~n m~t vao nam 2008, spam hinh anh (image-based spam) aa quay tr6' l?i lll:ra afiu nam 2009, nhung vfin chi chi~m khong afiy 10% t6ng s6 spam MQt s6 ki~u tfrn cong tren m~mg _ Xufit hi~n I~i nhfrng ki~u tfin cong Cll nhu'ng tinh vi hO'n: Trong nhung tfrn cong b~ng sau may tinh tren di~n rQng se l?i ph6 biSn va Trojan v~n tiSp tl;lc dong vai tro chll ySu cac ho?t dQng tfrn cong qua m?ng Cac lo?i hinh tfrn cong tu ch6i dich V\l di~n tren quy mo 100 mia - d~u nam 2009 Xufit hi~n cac ki~u tfin cong moi: D~u nam 2010 cac m?ng xa hQi ao cang bi tfrn cong chiSm lfry tai khoan thong tin nhi~u han Di~n toan dam may dang dugc coi la dich ng~m clla cac hacker nhfrng thang tiSp theo (Ngu&n hUp://www.pcworld.com.vn) 1.2 Cac ki~u tfin cong phB bi~n tren mang may tinh - - - Tfin cong trl}'c ti~p: Nhfrng cUQctfrn cong tr\IC tiSp thong thuemg dugc SLT dl;lng giai do?n d~u d~ chiSm quy~n truy nh?p ben MQt phuang phap tfrn cong c6 di~n la tim ten nguai su d\lng va m?t khfru Day la phuang phap dan gian, d~ th\Ic hi~n va khong doi hoi mQt di~u ki~n d~c bi~t nao d~ b~t d~u Ke tfrn cong co th~ su d\lng nhung thong tin nhu ten nguai dung, sinh, dja chi, s6 nha d~ doan m?t khfru Trong truang hgp co dugc danh sach nguai su d\lng va nhu'ng thong tin v~ moi truang lam vi~c, co mQt truang trinh t\I dQng hoa v~ vi~c tim m?t khfru Trong mQt s6 truemg hgp phuang phap cho phep ke tfrn cong co dugc quy~n clla nguai quan trj h~ th6ng (root hay administrator) Nghe trc vao thai gian rna hacker c6 th~ tri tr?ng thai tru6c bi phat hi~n a !) Q ~ ~ MQt AP hay WB co th~ dU'Q'c SlP dl:lng d~ danh lira ngU'ai dung Hinh 5.9: TAn cong Man In Middle Attack Bi~n phap ngan ch~n: Bao rn?t V?t ly la phuong phap t6t nhAt cho vi~c phong ch6ng ki~u tAn cong Chung ta c6 th~ sir d\lng cac IDS (h~ th6ng pha hi~n xam nh?p) d~ cac thiSt bi dung d~ tAn congo 92 MQt s6 kiSu t~n cong tren m~ng 5.4 TAng k~t chU"ong Qua chuang chung ta biSt duqc mQt s6 kiSu t~n cong d~c thu vao m~ng khong day nhu tk cong Jamming, man in middle attack, t~n cong chu dQng, bi dQng va mQt s6 kiSu t~n cong dva tren cach thuc t~n cong a tren Nha phan tich tung kiSu t~n cong rna chung ta co cach dS phong ch6ng cac tac nhan gay h~i cho h~ th6ng m~ng khong day cua ca nhan hay doanh nghi~p 93 Me)t s6 ki~u t~n c6ng tren m~mg CHUaNG 6: DEMO TAN CONG VAo MANG • KHONGDAY 6.1 Be khoa mat kh~u mang wifi chu~n WEP , Be)c6ng C\.lcrack (be khoa) WEP t6t nh~t duqc phat tri~n b6'i nhom Aircrack-ng, day cling chinh 1a be) c6ng C\l rna chung ta se dung Aircrack-ng 1a be) chuang trinh duqc vi~t v6i m\lc dich c6ng pha khoa m~ng WEP va WPA-PSK Trang be) chuang trinh g6m t6ng ce)ng bay chuang trinh de)c l?p va me)t vai c6ng C\lnh6 khac, t~i day chi su d\lng b6n c6ng C\lsau: • airmon-ng: Dung d~ chuy~n card wireless sang d~ng monitor (ch~ de) nghe ngong va ghi nh?n tin hi~u) • airodump-ng: Dung d~ phat hi~n WLAN va b~t cac goi dfr 1i~u(packet capture) • aireplay-ng: T~o dong tin hi~u • aircrack-ng: Tim rna khoa WEP Con me)t diSu ki~n kh6ng kern ph~n quan tr9ng 1a h~ diSu hanh BackTrack4 Card WLAN phai co kha nang ho~t de)ng 6' ch~ de) "monitor mode" DiSu nghTa1acard WLAN co th~ b~t duqc t~t ca nhfrng goi dfr 1i~urna no phat hi~n rna kh6ng chi gi6i h~n 6' nhfrng goi dfr li~u duqc gui d~n dja chi MAC cua no 6.2 Cac buo'c thuc hien Buo'c 1: Chung ta su d\lng l~nh airmon-ng d~ dua card WLAN vao ch~ de) monitor, sau ti~p t\lC v6i l~nh airmon-ng start wlanO d~ kh6'i de)ng l~i adapter 6' ch~ de)monitor 94 MQt s6 kiSu tfin cong tren m~mg Hinh 6.1: f)U'a card m~ng WLAN vito ch~ dQ monitor B~m co thS kiSm tra r~ng ch~ dQ monitor mode dang duqc kich ho~t b~ng cach go l~nh iwconfig Bay gia, adapter da ch~ dQ monitor mode, chung ta da co thS bftt dfiu quet dS tim m~ng wireless Tren th\lc t~, n~u dang c6 gftng tfin cong mQt m~ng wireless, dSu cfin co mQt s6 thong tin cfin thi~t Chung ta dang tim ki~m cac AP su dVng ch~ dQ rna hoa WEP va dang co it nhfit mQt may khach (client) dang k~t n6i t&i no May khach di kern la quan tr9ng boi vi b~n cfin co duqc dia chi MAC cua client dS su dVng don tfin cong v&i ARP Replay dS t~o dong dfr li~u N~u AP khong co client nao dang k~t n6i, hay di chuySn d~n mQt AP khac Chung ta cfin co ba thong tin dS bftt du dong dfr li~u, t~o diSu ki~n cho aircrack ho~t dQng: • Uia chi MAC / BSSID cua AP mvc tieu 95 M(>t s6 kiSu tAn cong tren m~mg • Dia chi MAC / BSSID clla may tr?m kSt n6i v6i AP • Kenh (channel) dang duqc su dVng b6'i AP mvc tieu va may tr?m Bmyc 2: Kh6'i d(>ng airodump-ng dS thu th~p thong tin vS cac m?ng chufin bi tAn cong b~ng cach go l~nh: airodump-ng ivs write capturefile wlanO Ll,l'a chQn ivs nh~m mvc dich dS chi ghi l?i nhfrng goi dfr li~u IV s b~t duqc (m(>t ph~n clla dong dfr li~u luu thong c~n thiSt cho vi~c crack WEP) du6i d?ng cac files v6i ph~n d~u Clla ten files duqc guy dinh b~ng write "capturefile" Nhfrng dAu g?ch lien tiSp ( ) la m(>t d?ng dai han dS dS dQc han d6i v6i cac dong l~nh Clla airodump Session Edit View Bookmarks Settings Help Hinh 6.2: Tim thong tin cho vi~c be khoa Hinh tren cho thfiy co M(>t tr?m (STA) co BSSID 00:lE:65:73:65:16 kSt n6i v6i AP Kimlong ESSID co BSSID 00: lA:70:D6:54:E4 B?n co thS kiSm tra xem STA nao dang kSt n6i v6i AP nao b~ng cach so sanh dia chi MAC clla AP 96 M