SlideShare uma empresa Scribd logo

TCPIP

Ammar WK
Ammar WK
Tecnologia
1 de 18
Baixar para ler offline
Mastering the Network HackingFU y3dips {y3dips/at/echo/or/id}
Ada apa dengan TCP/IP  Sudah Tua, kurang lebih 30 tahun.  Dibuat tanpa memperhatikan keamanan − Contoh : Telnet, FTP, SMTP  Celah sesungguhnya pada layer IP (v4) − Tidak ada metode verifikasi & enkripsi − Rentan terhadap IP spoofing dan MITM Mastering the Network HackingFU – y3dips
Terkenal  Tunneling  Spoofing  Sniffing  ddos/botnet Mastering the Network HackingFU – y3dips
Tunneling ● TOR (the Onion Router) – “Emerge tor privoxy” – Konfigurasikan untuk jalan berbarengan ● Forward­socks4a   /               127.0.0.1:9050 . ● Node TOR bisa dibuat siapa saja – Gov, Mil, Mafia, dan siapa saja ● Gunakan enkripsi, atau prinsip dual tunnel ● https://www.torproject.org/
Tunneling ● SSH Tunneling “ssh user@server ­D port  ● Stunnel ­ stunnel.org ● Mengamankan transaksi melalui protokol2  tanpa enkripsi – Tunneling http, smb melalui ssh/stunnel
Spoofing Mastering the Network HackingFU – y3dips
Monkey In the middle attack Mastering the Network HackingFU – y3dips
Bertahan dengan Unix • Paper Baca di http://www.slideshare.net/y3dips/arpwall-protect-from-arp-spoofing/ • ARPWatch ,Swatch, PyGTK (alert.py) ARPWALL ● Arp –s [ip] [mac] http://code.google.com/p/arpwall/ Wanna help ? Mastering the Network HackingFU – y3dips
dDOS • Untuk Dos, lihat http://www.slideshare.net/y3dips/denial-of-services/ • Deteksi Botnet via SNMP – 6666 – 7000 open • Syn attack v.s Syn Cookies • Teknik baru (sebenarnya lama) – http://it.slashdot.org/article.pl?sid=08/10/01/0127245 Mastering the Network HackingFU – y3dips
Dunia Liar  Tidak Standar (proprietary)  Tertutup (closed source)  Selamat tinggal anak-anak (kiddo)  Kuat? Mastering the Network HackingFU – y3dips
Dunia Liar  Aplikasi scanner umumnya tak berdaya NMAP, Nessus, superscan  Bekerja berdasarkan data yang di input  Metode handshake berbeda Mastering the Network HackingFU – y3dips
Perlengkapan  Python [kemampuan programming]  Scapy (pakcet Manipulating platform)  Spoofing  Sniffing (tcpdump only?)  Some l33t tools (THCAmapcrap) Mastering the Network HackingFU – y3dips
NMAP vs AMAP Mastering the Network HackingFU – y3dips
Scapy Mastering the Network HackingFU – y3dips
Aplikasi Pribadi • Tidak kuat, bahkan “’relatif’ lebih lemah Hanya telnet secara multiple dan mereka mati • Tcp/ip memang bercelah, Aplikasi yang berjalan diatasnya membawa dosa yang sama • Tanpa metode verifikasi + enkripsi • Tidak ada akses kontrol, otentikasi, session timeout, limitasi koneksi Mastering the Network HackingFU – y3dips
Tips Info di Jaringan  Snmp (default community strings)  Smtp ( vrfy dan expn verbs ; enumerate user)  Ftp (user enum)  Pop3 (user enum) Mastering the Network HackingFU – y3dips
Bertahan? • IPV6 • Medukung Autentikasi , IP proteksi dan Trafik Kontrol • Alasan politis dan bisnis maka belum populer. Mastering the Network HackingFU – y3dips
Santai Tanya & Jawab Terima Kasih - Komite - himatif UPN - Kamu!, ya kamu yang mendukung acara ini. Mastering the Network HackingFU – y3dips

Recomendados

Tugas pti
Tugas ptiTugas pti
Tugas ptiagusriyanto1990
 
Sistem deteksi intrusion berbasis jaringan
Sistem deteksi intrusion berbasis jaringanSistem deteksi intrusion berbasis jaringan
Sistem deteksi intrusion berbasis jaringanDuwinowo NT
 
Powerpointku
PowerpointkuPowerpointku
PowerpointkuEuis Chealim
 
7 spread spectrum
7 spread spectrum7 spread spectrum
7 spread spectrumUNTUNGSG
 
Snort
SnortSnort
SnortMunir Putra
 
Keamanan jaringan
Keamanan jaringanKeamanan jaringan
Keamanan jaringanShabrina Dewi
 
Firewall 2 nat
Firewall 2 natFirewall 2 nat
Firewall 2 natFajar Rohmawan
 
backdooring workshop
backdooring workshopbackdooring workshop
backdooring workshopAmmar WK
 

Recomendados

Tugas pti
Tugas ptiTugas pti
Tugas ptiagusriyanto1990
 
Sistem deteksi intrusion berbasis jaringan
Sistem deteksi intrusion berbasis jaringanSistem deteksi intrusion berbasis jaringan
Sistem deteksi intrusion berbasis jaringanDuwinowo NT
 
Powerpointku
PowerpointkuPowerpointku
PowerpointkuEuis Chealim
 
7 spread spectrum
7 spread spectrum7 spread spectrum
7 spread spectrumUNTUNGSG
 
Snort
SnortSnort
SnortMunir Putra
 
Keamanan jaringan
Keamanan jaringanKeamanan jaringan
Keamanan jaringanShabrina Dewi
 
Firewall 2 nat
Firewall 2 natFirewall 2 nat
Firewall 2 natFajar Rohmawan
 
backdooring workshop
backdooring workshopbackdooring workshop
backdooring workshopAmmar WK
 
Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)Ammar WK
 
password series
password seriespassword series
password seriesAmmar WK
 
Linux Exploit Research
Linux Exploit ResearchLinux Exploit Research
Linux Exploit ResearchDan H
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentestDan H
 
Backtrack 5 - web pentest
Backtrack 5 - web pentestBacktrack 5 - web pentest
Backtrack 5 - web pentestDan H
 
Penetrasi Jaringan
Penetrasi JaringanPenetrasi Jaringan
Penetrasi JaringanDigital Echidna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingKhairi Aiman
 
Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)Dan H
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemWorkshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemDan H
 
Seminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisSeminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisDan H
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationAmmar WK
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linuxHammad Ahmed Khawaja
 
Debian Packaging tutorial
Debian Packaging tutorialDebian Packaging tutorial
Debian Packaging tutorialnussbauml
 
Had sec mikrotik administrator
Had sec mikrotik administratorHad sec mikrotik administrator
Had sec mikrotik administratormuhammad pailus
 
Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface Ilian Sapundshiev
 
bluetooth [in]security
bluetooth [in]securitybluetooth [in]security
bluetooth [in]securityAmmar WK
 
webhacking
webhackingwebhacking
webhackingAmmar WK
 
eMAPT
eMAPTeMAPT
eMAPTAndrii Holovchenko
 
Playin with Password
Playin with PasswordPlayin with Password
Playin with PasswordAmmar WK
 
Exploit Development with Python
Exploit Development with PythonExploit Development with Python
Exploit Development with PythonThomas Gregory
 
Network security
Network securityNetwork security
Network securitymho3yank
 
Attacking The Lan
Attacking The LanAttacking The Lan
Attacking The Lanphanleson
 

Mais conteúdo relacionado

Destaque

Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)Ammar WK
 
password series
password seriespassword series
password seriesAmmar WK
 
Linux Exploit Research
Linux Exploit ResearchLinux Exploit Research
Linux Exploit ResearchDan H
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentestDan H
 
Backtrack 5 - web pentest
Backtrack 5 - web pentestBacktrack 5 - web pentest
Backtrack 5 - web pentestDan H
 
Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)Dan H
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemWorkshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemDan H
 
Seminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisSeminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisDan H
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationAmmar WK
 
Debian Packaging tutorial
Debian Packaging tutorialDebian Packaging tutorial
Debian Packaging tutorialnussbauml
 
Had sec mikrotik administrator
Had sec mikrotik administratorHad sec mikrotik administrator
Had sec mikrotik administratormuhammad pailus
 
Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface Ilian Sapundshiev
 
bluetooth [in]security
bluetooth [in]securitybluetooth [in]security
bluetooth [in]securityAmmar WK
 
webhacking
webhackingwebhacking
webhackingAmmar WK
 
Playin with Password
Playin with PasswordPlayin with Password
Playin with PasswordAmmar WK
 
Exploit Development with Python
Exploit Development with PythonExploit Development with Python
Exploit Development with PythonThomas Gregory
 

Destaque (20)

Web Hacking (basic)
Web Hacking (basic)Web Hacking (basic)
Web Hacking (basic)
 
password series
password seriespassword series
password series
 
Linux Exploit Research
Linux Exploit ResearchLinux Exploit Research
Linux Exploit Research
 
Backtrack 5 - network pentest
Backtrack 5 - network pentestBacktrack 5 - network pentest
Backtrack 5 - network pentest
 
Backtrack 5 - web pentest
Backtrack 5 - web pentestBacktrack 5 - web pentest
Backtrack 5 - web pentest
 
Penetrasi Jaringan
Penetrasi JaringanPenetrasi Jaringan
Penetrasi Jaringan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)Advanced Exploit Development (Updated on 28 January, 2016)
Advanced Exploit Development (Updated on 28 January, 2016)
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment systemWorkshop 101 - Penetration testing & Vulnerability assessment system
Workshop 101 - Penetration testing & Vulnerability assessment system
 
Seminar Hacking & Security Analysis
Seminar Hacking & Security AnalysisSeminar Hacking & Security Analysis
Seminar Hacking & Security Analysis
 
Layer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigationLayer 7 denial of services attack mitigation
Layer 7 denial of services attack mitigation
 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
 
Debian Packaging tutorial
Debian Packaging tutorialDebian Packaging tutorial
Debian Packaging tutorial
 
Had sec mikrotik administrator
Had sec mikrotik administratorHad sec mikrotik administrator
Had sec mikrotik administrator
 
Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface Connect your Javascript web app to ownCloud over the WebDAV interface
Connect your Javascript web app to ownCloud over the WebDAV interface
 
bluetooth [in]security
bluetooth [in]securitybluetooth [in]security
bluetooth [in]security
 
webhacking
webhackingwebhacking
webhacking
 
eMAPT
eMAPTeMAPT
eMAPT
 
Playin with Password
Playin with PasswordPlayin with Password
Playin with Password
 
Exploit Development with Python
Exploit Development with PythonExploit Development with Python
Exploit Development with Python
 

Semelhante a TCPIP

Network security
Network securityNetwork security
Network securitymho3yank
 
Attacking The Lan
Attacking The LanAttacking The Lan
Attacking The Lanphanleson
 
Materi 6-keamanan-komputer-keamanan-jringan-komputer
Materi 6-keamanan-komputer-keamanan-jringan-komputerMateri 6-keamanan-komputer-keamanan-jringan-komputer
Materi 6-keamanan-komputer-keamanan-jringan-komputersulaiman yunus
 
Pertemuan13 exploitasikeamanan ok
Pertemuan13 exploitasikeamanan okPertemuan13 exploitasikeamanan ok
Pertemuan13 exploitasikeamanan okRoziq Bahtiar
 
Network security
Network securityNetwork security
Network securityarri adhy
 
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...PrimaTriPuspita
 
INSIDEN KEAMANAN.ppt
INSIDEN KEAMANAN.pptINSIDEN KEAMANAN.ppt
INSIDEN KEAMANAN.pptnabilaalea
 
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...RizkaFitriani3
 
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...ViviApriliza
 
Cara mendesain sistem keamanan jaringan
Cara mendesain sistem keamanan jaringanCara mendesain sistem keamanan jaringan
Cara mendesain sistem keamanan jaringanWarnet Raha
 
Scanning, Sniffing & Eavesdropping - Awaludin Siking
Scanning, Sniffing & Eavesdropping - Awaludin SikingScanning, Sniffing & Eavesdropping - Awaludin Siking
Scanning, Sniffing & Eavesdropping - Awaludin SikingAwaludin Siking
 
Modul network troubleshooting
Modul network troubleshootingModul network troubleshooting
Modul network troubleshootingPAMBAH.Corp
 
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...RonnaAzaniDwiSeptian
 
Merancang bangun dan_menganalisa_wide_area_network
Merancang bangun dan_menganalisa_wide_area_networkMerancang bangun dan_menganalisa_wide_area_network
Merancang bangun dan_menganalisa_wide_area_networkRoyon Reys Rumapea
 
Ethical Hacking3
Ethical Hacking3Ethical Hacking3
Ethical Hacking3dodontn
 
Modul network troubleshooting
Modul network troubleshootingModul network troubleshooting
Modul network troubleshootingsuparma
 

Semelhante a TCPIP (20)

Network security
Network securityNetwork security
Network security
 
Attacking The Lan
Attacking The LanAttacking The Lan
Attacking The Lan
 
Materi 6-keamanan-komputer-keamanan-jringan-komputer
Materi 6-keamanan-komputer-keamanan-jringan-komputerMateri 6-keamanan-komputer-keamanan-jringan-komputer
Materi 6-keamanan-komputer-keamanan-jringan-komputer
 
Pertemuan13 exploitasikeamanan ok
Pertemuan13 exploitasikeamanan okPertemuan13 exploitasikeamanan ok
Pertemuan13 exploitasikeamanan ok
 
SNORT
SNORTSNORT
SNORT
 
Firewall
FirewallFirewall
Firewall
 
Onno hacker
Onno hackerOnno hacker
Onno hacker
 
Network security
Network securityNetwork security
Network security
 
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...
10. sim,prima tri puspita, hapzi ali, information security, universitas mercu...
 
INSIDEN KEAMANAN.ppt
INSIDEN KEAMANAN.pptINSIDEN KEAMANAN.ppt
INSIDEN KEAMANAN.ppt
 
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...
10. sim,rizka fitriani, hapzi ali, information security, universitas mercu bu...
 
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...
10. sim,vivi apriliza, hapzi ali, information security, universitas mercu bua...
 
Cara mendesain sistem keamanan jaringan
Cara mendesain sistem keamanan jaringanCara mendesain sistem keamanan jaringan
Cara mendesain sistem keamanan jaringan
 
Keamanan s&i
Keamanan s&iKeamanan s&i
Keamanan s&i
 
Scanning, Sniffing & Eavesdropping - Awaludin Siking
Scanning, Sniffing & Eavesdropping - Awaludin SikingScanning, Sniffing & Eavesdropping - Awaludin Siking
Scanning, Sniffing & Eavesdropping - Awaludin Siking
 
Modul network troubleshooting
Modul network troubleshootingModul network troubleshooting
Modul network troubleshooting
 
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...
10. sim, ronna azami dwi septiani, hapzi ali, information security, universit...
 
Merancang bangun dan_menganalisa_wide_area_network
Merancang bangun dan_menganalisa_wide_area_networkMerancang bangun dan_menganalisa_wide_area_network
Merancang bangun dan_menganalisa_wide_area_network
 
Ethical Hacking3
Ethical Hacking3Ethical Hacking3
Ethical Hacking3
 
Modul network troubleshooting
Modul network troubleshootingModul network troubleshooting
Modul network troubleshooting
 

Mais de Ammar WK

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssnAmmar WK
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?Ammar WK
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsAmmar WK
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryAmmar WK
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0dayAmmar WK
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareAmmar WK
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteAmmar WK
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingAmmar WK
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet AnalysisAmmar WK
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)Ammar WK
 
Network security
Network securityNetwork security
Network securityAmmar WK
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security ProfessionalAmmar WK
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsAmmar WK
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A HackerAmmar WK
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?Ammar WK
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkAmmar WK
 

Mais de Ammar WK (20)

Vvdp-fgd-bssn
Vvdp-fgd-bssnVvdp-fgd-bssn
Vvdp-fgd-bssn
 
Pen-testing is Dead?
Pen-testing is Dead?Pen-testing is Dead?
Pen-testing is Dead?
 
How To [relatively] Secure your Web Applications
How To [relatively] Secure your Web ApplicationsHow To [relatively] Secure your Web Applications
How To [relatively] Secure your Web Applications
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
Cybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industryCybercrime: A threat to Financial industry
Cybercrime: A threat to Financial industry
 
Bugbounty vs-0day
Bugbounty vs-0dayBugbounty vs-0day
Bugbounty vs-0day
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent Threat
 
Mobile hacking, pentest, and malware
Mobile hacking, pentest, and malwareMobile hacking, pentest, and malware
Mobile hacking, pentest, and malware
 
Hacker? : it's not about Black or White
Hacker? : it's not about Black or WhiteHacker? : it's not about Black or White
Hacker? : it's not about Black or White
 
Introduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration TestingIntroduction to IOS Application Penetration Testing
Introduction to IOS Application Penetration Testing
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Network Packet Analysis
Network Packet AnalysisNetwork Packet Analysis
Network Packet Analysis
 
Packet analysis (Basic)
Packet analysis (Basic)Packet analysis (Basic)
Packet analysis (Basic)
 
Network security
Network securityNetwork security
Network security
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Information Security Professional
Information Security ProfessionalInformation Security Professional
Information Security Professional
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
How To Become A Hacker
How To Become A HackerHow To Become A Hacker
How To Become A Hacker
 
y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?y3dips - Who Own Your Sensitive Information?
y3dips - Who Own Your Sensitive Information?
 
idsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 networkidsecconf2010-hacking priv8 network
idsecconf2010-hacking priv8 network
 

TCPIP

  • 1. Mastering the Network HackingFU y3dips {y3dips/at/echo/or/id}
  • 2. Ada apa dengan TCP/IP  Sudah Tua, kurang lebih 30 tahun.  Dibuat tanpa memperhatikan keamanan − Contoh : Telnet, FTP, SMTP  Celah sesungguhnya pada layer IP (v4) − Tidak ada metode verifikasi & enkripsi − Rentan terhadap IP spoofing dan MITM Mastering the Network HackingFU – y3dips
  • 3. Terkenal  Tunneling  Spoofing  Sniffing  ddos/botnet Mastering the Network HackingFU – y3dips
  • 4. Tunneling ● TOR (the Onion Router) – “Emerge tor privoxy” – Konfigurasikan untuk jalan berbarengan ● Forward­socks4a   /               127.0.0.1:9050 . ● Node TOR bisa dibuat siapa saja – Gov, Mil, Mafia, dan siapa saja ● Gunakan enkripsi, atau prinsip dual tunnel ● https://www.torproject.org/
  • 5. Tunneling ● SSH Tunneling “ssh user@server ­D port  ● Stunnel ­ stunnel.org ● Mengamankan transaksi melalui protokol2  tanpa enkripsi – Tunneling http, smb melalui ssh/stunnel
  • 6. Spoofing Mastering the Network HackingFU – y3dips
  • 7. Monkey In the middle attack Mastering the Network HackingFU – y3dips
  • 8. Bertahan dengan Unix • Paper Baca di http://www.slideshare.net/y3dips/arpwall-protect-from-arp-spoofing/ • ARPWatch ,Swatch, PyGTK (alert.py) ARPWALL ● Arp –s [ip] [mac] http://code.google.com/p/arpwall/ Wanna help ? Mastering the Network HackingFU – y3dips
  • 9. dDOS • Untuk Dos, lihat http://www.slideshare.net/y3dips/denial-of-services/ • Deteksi Botnet via SNMP – 6666 – 7000 open • Syn attack v.s Syn Cookies • Teknik baru (sebenarnya lama) – http://it.slashdot.org/article.pl?sid=08/10/01/0127245 Mastering the Network HackingFU – y3dips
  • 10. Dunia Liar  Tidak Standar (proprietary)  Tertutup (closed source)  Selamat tinggal anak-anak (kiddo)  Kuat? Mastering the Network HackingFU – y3dips
  • 11. Dunia Liar  Aplikasi scanner umumnya tak berdaya NMAP, Nessus, superscan  Bekerja berdasarkan data yang di input  Metode handshake berbeda Mastering the Network HackingFU – y3dips
  • 12. Perlengkapan  Python [kemampuan programming]  Scapy (pakcet Manipulating platform)  Spoofing  Sniffing (tcpdump only?)  Some l33t tools (THCAmapcrap) Mastering the Network HackingFU – y3dips
  • 13. NMAP vs AMAP Mastering the Network HackingFU – y3dips
  • 14. Scapy Mastering the Network HackingFU – y3dips
  • 15. Aplikasi Pribadi • Tidak kuat, bahkan “’relatif’ lebih lemah Hanya telnet secara multiple dan mereka mati • Tcp/ip memang bercelah, Aplikasi yang berjalan diatasnya membawa dosa yang sama • Tanpa metode verifikasi + enkripsi • Tidak ada akses kontrol, otentikasi, session timeout, limitasi koneksi Mastering the Network HackingFU – y3dips
  • 16. Tips Info di Jaringan  Snmp (default community strings)  Smtp ( vrfy dan expn verbs ; enumerate user)  Ftp (user enum)  Pop3 (user enum) Mastering the Network HackingFU – y3dips
  • 17. Bertahan? • IPV6 • Medukung Autentikasi , IP proteksi dan Trafik Kontrol • Alasan politis dan bisnis maka belum populer. Mastering the Network HackingFU – y3dips
  • 18. Santai Tanya & Jawab Terima Kasih - Komite - himatif UPN - Kamu!, ya kamu yang mendukung acara ini. Mastering the Network HackingFU – y3dips