véritable protection contre l analyse de trames?



Similar documents
Packet Sniffer Detection with AntiSniff

A Research Study on Packet Sniffing Tool TCPDUMP

Setting up a monitoring and remote control tool

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Packet Sniffing on Layer 2 Switched Local Area Networks

Cloud Computing and Services of Tomorrow

Sniffing in a Switched Network

Binding IP Addresses To Physical Hardware Addresses

Topics in Network Security

Workshop. Avril 2015 Benoit Buonassera

Audit de sécurité avec Backtrack 5

Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers

Network Traffic Analysis and Intrusion Detection using Packet Sniffer

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

JANVIER 2013 / CATALOGUE DES FORMATIONS

Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System

IPv6 Workshop: Location Date Security Trainer Name

A virtual network laboratory for learning IP networking

Scapy. On-the-fly Packet Generation by Dienstag, 10. Januar 12

Final year of the Professional Bachelor 1 s Degree in Computer Networks and Telecommunications specialising in Wireless Networks and Security

Unix System Administration

Modern snoop lab lite version

finger, ftp, host, hostname, mesg, rcp, rlogin, rsh, scp, sftp, slogin, ssh, talk, telnet, users, w, walla, who, write,...

Les nouveautés 2014 mise en lumière

NuFirewall. Open-source authenticating firewall

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Durée 4 jours. Pré-requis

Qu est-ce que le Cloud? Quels sont ses points forts? Pourquoi l'adopter? Hugues De Pra Data Center Lead Cisco Belgium & Luxemburg

Wireless Security: Secure and Public Networks Kory Kirk

Own your LAN with Arp Poison Routing

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

TP : Configuration de routeurs CISCO

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Service Integration BUS

Sun Management Center Change Manager Release Notes

Liste d'adresses URL

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Brest. Backup : copy flash:ppe_brest1 running-config

Lab VI Capturing and monitoring the network traffic

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Thursday, February 7, DOM via PHP

Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna Marc Heuse

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED

Defending Computer Networks Lecture 6: TCP and Scanning. Stuart Staniford Adjunct Professor of Computer Science

Sniffers Basics and Detection


Sun StorEdge A5000 Installation Guide

Driving the Next Generation Internet for mobile business

Chapter 1 Personal Computer Hardware hours

Getting started with IPv6 on Linux

Chapter 8 Phase3: Gaining Access Using Network Attacks

Network Packet Analysis and Scapy Introduction

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

Network Security TCP/IP Refresher

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

ATP Co C pyr y ight 2013 B l B ue C o C at S y S s y tems I nc. All R i R ghts R e R serve v d. 1

Corso di Network Security a.a. 2012/2013. Collection of some exercises on the second part of the course

Start Here. Installation and Documentation Reference. Sun StorEdgeTM 6120 Array

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Introduction to Passive Network Traffic Monitoring

Tools for Attacking Layer 2 Network Infrastructure

Performance Modeling of TCP/IP in a Wide-Area Network

Introduction au BIM. ESEB Seyssinet-Pariset Economie de la construction contact@eseb.fr

Proxy firewalls.

SunFDDI 6.0 on the Sun Enterprise Server

Tcpdump Lab: Wired Network Traffic Sniffing

Technical Support Information Belkin internal use only

Table des matières 1 Cœur Routeur Configuration Fichiers de configuration... 1

Jason Dixon DixonGroup Consulting. September 17, 2005 NYCBSDCON 2005

Covert Channels inside DNS

Solaris 9 9/05 Installation Roadmap

Introduction Présentation de scapy. Scapy. Easy Packet Handling. Etienne Maynier. Capitole du Libre 24 Novembre 2012

Radhika Niranjan Mysore, Andreas Pamboris, Nathan Farrington, Nelson Huang, Pardis Miri, Sivasankar Radhakrishnan, Vikram Subramanya and Amin Vahdat

Practical Network Forensics

A radical approach to secure LAN network using novel hardening techniques

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

CS197U: A Hands on Introduction to Unix

LLP ES-LEONARDO-LMP.

IPv6 Associated Protocols

ICS 351: Today's plan

Protecting and controlling Virtual LANs by Linux router-firewall

ARP Storm Detection and Prevention Measures

Unit of Learning # 2 The Physical Layer. Sergio Guíñez Molinos sguinez@utalca.cl

Introduction Les failles les plus courantes Les injections SQL. Failles Web. Maxime Arthaud. net7. Jeudi 03 avril 2014.

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper

Networking Basics and Network Security

Figure 1. Wireshark Menu Bar

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Network sniffing packet capture and analysis

Computer Networks I Laboratory Exercise 1

Strategies to Protect Against Distributed Denial of Service (DD

Ethernet Local Area Networks (LANS) Two basic ways to cable an 10 Mb/s Ethernet LAN: Bus-style (large Ethernet cable, or thin Ethernet cable)

N1 Grid Service Provisioning System 5.0 User s Guide for the Linux Plug-In

Network sniffing packet capture and analysis

Les manuels de Toastmasters International, les outils pour réussir

IPv6.marceln.org.

Sun StorEdge N8400 Filer Release Notes

From Fieldbus to toreal Time Ethernet

Transcription:

Réseaux Switchés : véritable protection contre l analyse de trames? Introduction Adresses physiques Adress Resolution Protocol Concentrateur / Commutateur Application pratique Conclusion Guillaume Prigent Laboratoire d Informatique Industrielle École Nationale d Ingénieurs de Brest minos@enib.fr http://www.enib.fr/~minos/ JSSI 2002 - OSSIR enib/li 2 c G.P... 1/19

Introduction : ARP Request ARP Request : dump hexa 0000 ff ff ff ff ff ff 00 50 da 83 70 36 08 06 00 01 0010 08 00 06 04 00 01 00 50 da 83 70 36 c3 dd e9 42 0020 00 00 00 00 00 00 c3 dd e9 14 ARP Request : human readable ETH. 00:50:da:83:70:36 vers ff:ff:ff:ff:ff:ff type : 0x0806 ARP Request. hw_type=0001h, prot_type=0800h, hw_size=06h, prot_size=04h, op=0001h this address : 00:50:da:83:70:36-195.221.233.66 asks that : 00:00:00:00:00:00-195.221.233.20 JSSI 2002 - OSSIR enib/li 2 c G.P... 2/19

Introduction : ARP Reply ARP Reply : dump hexa 0000 00 50 da 83 70 36 00 00 0c 7e fb 26 08 06 00 01 0010 08 00 06 04 00 02 00 00 0c 7e fb 26 c3 dd e9 14 0020 00 50 da 83 70 36 c3 dd e9 42 ARP Reply : human readable ETH. 00:00:0c:7e:fb:26 vers 00:50:da:83:70:36 type : 0x0806 ARP Reply. hw_type=0001h, prot_type=0800h, hw_size=06h, prot_size=04h, op=0002h that answer : 00:00:0c:7e:fb:26-195.221.233.20 is for this : 00:50:da:83:70:36-195.221.233.66 JSSI 2002 - OSSIR enib/li 2 c G.P... 3/19

Adresses physiques 1/2 Format 6 octets Unique Partie IEEE / Partie Fabricant Exemple : 00:50:ba:ea:d5:91 JSSI 2002 - OSSIR enib/li 2 c G.P... 4/19

Adresses physiques 2/2 Correspondance Fabricant 00:00:00 XEROX CORPORATION 00:00:36 ATARI CORPORATION 00:00:01 XEROX CORPORATION 00:00:39 TOSHIBA CORPORATION 00:00:1B NOVELL INC. 00:00:04 XEROX CORPORATION 00:00:1C BELL TECHNOLOGIES 00:00:46 OLIVETTI NORTH AMERICA 00:00:1D CABLETRON SYSTEMS 00:00:4C NEC CORPORATION 00:00:85 CANON INC. 00:00:6B SILICON GRAPHICS 00:00:09 XEROX CORPORATION 00:00:C9 EMULEX CORPORATION 00:00:AE DASSAULT ELECTRONIQUE 00:00:0C CISCO SYSTEMS 00:00:CD CENTRECOM SYSTEMS 00:10:7B CISCO SYSTEMS 00:10:4E CEOLOGIC 00:10:06 RACAL RECORDERS 00:10:83 HEWLETT-PACKARD 00:10:89 WEBSONIC 00:10:A3 OMNITRONIX 00:10:B7 COYOTE TECHNOLOGIES 00:10:C9 MITSUBISHI 00:10:ED SUNDANCE TECHNOLOGY 00:10:FF CISCO SYSTEMS 00:01:17 CANAL + JSSI 2002 - OSSIR enib/li 2 c G.P... 5/19

ARP : Tables dynamiques 1/2 Table dynamique Linux [frelon@enib.fr]# arp -va bourdon.enib.fr (195.221.233.20) at 00:00:0C:7E:FB:26 [ether] on eth0 libellule.enib.fr (195.221.233.11) at 08:00:69:06:E3:59 [ether] on eth0 coccinelle.enib.fr (195.221.233.22) at 08:00:69:0F:3C:57 [ether] on eth0 abeille.enib.fr (195.221.233.33) at 08:00:20:7B:D1:30 [ether] on eth0 Table dynamique Windows C:\>arp -a Interface : 195.221.233.22 --- 0x2 Adresse Internet Adresse physique Type 195.221.233.11 08-00-69-06-e3-59 dynamique 195.221.233.20 00-00-0c-7e-fb-26 dynamique 195.221.233.33 08-00-20-7b-d1-30 dynamique JSSI 2002 - OSSIR enib/li 2 c G.P... 6/19

ARP : Tables dynamiques 2/2 Table dynamique Cisco 2514 bourdon#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 195.221.233.11 163 0800.6906.e359 ARPA Ethernet0 Internet 195.221.233.22 16 0800.690f.3c57 ARPA Ethernet0 Internet 195.221.233.33 2 0800.207b.d130 ARPA Ethernet0 Table dynamique SunOS 5.7 libellule# arp -a Net to Media Table Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- le0 bourdon 255.255.255.255 S 00:00:0C:7e:fb:26 le0 coccinelle 255.255.255.255 S 08:00:69:0f:3c:57 le0 abeille 255.255.255.255 S 08:00:20:7b:d1:30 JSSI 2002 - OSSIR enib/li 2 c G.P... 7/19

Différences Hub/Switch Concentrateur Segment partagé Bus Ethernet Niveau 1 Aucun traitement Commutateur Segment dédié ASIC, RISC, matrices Niveaux 1 et 2 Apprentissage, Filtrage JSSI 2002 - OSSIR enib/li 2 c G.P... 8/19

Fonctionnement Hub Envoi Recopie JSSI 2002 - OSSIR enib/li 2 c G.P... 9/19

Fonctionnement Switch Envoi Filtrage JSSI 2002 - OSSIR enib/li 2 c G.P... 10/19

Application pratique : Contexte Victime Requête Réponse Attaquant Requête Réponse JSSI 2002 - OSSIR enib/li 2 c G.P... 11/19

Application pratique : Attaque Attaque Ecoute trames Relayage ARP Spoofing Connexions 1. Victime 2. Attaquant 3. Attaquant 4. Victime JSSI 2002 - OSSIR enib/li 2 c G.P... 12/19

Application pratique : Déroulement Analyse de trame [root@frelon]# dsniff dsniff: listening on eth0 Relayage du traffic [root@frelon]# fragrouter -B1 fragrouter: base-1: normal IP forwarding Spoofing ARP Reply [root@frelon]# minosarpspoof Version : minosarpsoof, version 0.9 Titre : {ETH,ARP} spoof d une rponse ARP Auteur : MinoS Usage : ip_demande eth_demande ip_pour_qui eth_pour_qui JSSI 2002 - OSSIR enib/li 2 c G.P... 13/19

Application pratique : Spoofing ARP [root@frelon]#./minosarpspoof 195.221.233.20 00:50:DA:83:70:36 195.221.233.11 08:00:69:06:E3:59 ; ETH. 00:50:da:83:70:36 vers 08:00:69:06:e3:59 type : 0x0806 ARP Reply. hw_type=0001h, prot_type=0800h, hw_size=06h, prot_size=04h, op=0002h info demandee : 00:50:da:83:70:36-195.221.233.20 pour qui c est : 08:00:69:06:e3:59-195.221.233.11 JSSI 2002 - OSSIR enib/li 2 c G.P... 14/19

Application pratique : Capture ----------------- 04/02/02 12:32:07 tcp libellule.enib.fr.48319 -> pop.winadou.fr.110 USER jose.palfer@winadou.fr PASS jssi2002 ----------------- 04/02/02 12:32:11 tcp coccinelle.enib.fr.22922 -> pop.microloft.com.110 USER eva.aquet@microloft.com PASS money4ever ----------------- 04/02/02 12:32:15 tcp abeille.enib.fr.56125 -> pop.karamiel.com.110 USER homere.dalors@karamiel.com PASS odyseeulysse JSSI 2002 - OSSIR enib/li 2 c G.P... 15/19

Conclusion : Parades Détections ARPWATCH ANTISNIFF... Résolutions statiques arp -f /etc/ethers Switchs intelligents Cryptographie SSH, HTTPS, SPOP, SFTP... VPN JSSI 2002 - OSSIR enib/li 2 c G.P... 16/19

Conclusion : Synthèse Illusion / Confiance Aspect local Matériels Logiciels Configurations... Aspect global La sécurité globale d un système est celle de son maillon local le plus faible......mais le tout n est pas la somme des parties. JSSI 2002 - OSSIR enib/li 2 c G.P... 17/19

Conclusion : Bibliographie Network Insecurity with Switches, Aaron Turner, August 29, 2000 http://rr.sans.org/switchednet/switch security.php Hunt 1.5, Kra, 2000 http://www.gncz.cz/kra/index.html RFC 836 : An Ethernet Adress Resolution Protocol, Plummer, David C., November 1982 Hack Proofing Your Network, Russel, Ryan and Cunningham, Stace, 2000 Sniffing FAQ, Robert Graham, September 14, 2000 http://www.robertgraham.com/pubs/sniffing-faq.html JSSI 2002 - OSSIR enib/li 2 c G.P... 18/19

Réseaux Switchés : véritable protection contre l analyse de trames? Guillaume Prigent Laboratoire d Informatique Industrielle École Nationale d Ingénieurs de Brest minos@enib.fr http://www.enib.fr/~minos/ GP-Conseils Conseil Réseau et Sécurité guillaume.prigent@gpconseils.com http://www.gpconseils.com/ JSSI 2002 - OSSIR enib/li 2 c G.P... 19/19

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information