SNIFFER or network wiretap
A sniffer, also called a network wiretap, is a program that captures packets on a network. The sniffer decodes the data in the packets and records it for whoever installed it to use. This makes the sniffer a program that hackers commonly use once they have broken into a target computer, to capture data, especially account names and passwords, which they then use to break into other systems.

What is a sniffer used for?
For the most part, sniffer programs are used in two ways: for network maintenance, or for intrusion analysis. Examples are analyzing a network problem such as why machine 1 cannot communicate with machine 2, analyzing system performance to resolve a bottleneck, or detecting intruders on a system.

How a sniffer works
The Ethernet topology is built on the principle of sharing: every machine on the same network uses the same medium, which means that every machine can receive all the packets on that medium. Ethernet hardware is therefore built with a filter that ignores packets not addressed to it, by checking the hardware address. A sniffer turns that filter off and forces the network card into the state known as "promiscuous mode".

Most sniffer programs work with nearly every kind of Ethernet card. Once a frame has been captured it is placed in a buffer. There are 2 capture modes: capture until the buffer is full, or use a round-robin buffer (new data overwrites the oldest data). Some programs (such as BlackICE Sentry IDS from Network ICE) can use the disk as a round-robin buffer while capturing at the full speed of 100 mbps, which gives a buffer of several gigabytes instead of using only memory of limited size.

How to protect against people who capture data
We can prevent data capture from inside the network, or make it harder, but we cannot prevent data capture from outside the network. The best way to protect data is to encrypt it, because even if someone else can capture the data, they cannot read it. The methods used to encrypt data are as follows:
SSL "Secure Socket Layer"
Widely used on the web, because it encrypts data sent over the web. It is mostly used in electronic transactions such as entering credit card details.
PGP and S/MIME
E-mail can be intercepted in many ways. The best way to protect mail is to encrypt it. Two systems are in common use: PGP (Pretty Good Privacy) and S/MIME.

Ssh "Secure Shell"
Used for logging in to Unix systems. ssh encrypts the data to protect it from capture. ssh is a program designed as a replacement for telnet.

How to make data capture harder
Replacing hubs with switches is the simplest first-level defense, but it has practical weaknesses. Switches still pass broadcast packets, and this weakness lets an intruder bring forged ARP packets into play. Hackers also use "router redirection": a new route is announced that sends packets to the intruder, who forges the IP address of the router. Hosts on the network then mistake the intruder for the router and send their packets to the intruder's machine.

Most defensive systems have tools that help with checking, such as Expert Sniffer, which watches for intrusions, or BlackICE IDS on the Windows operating system, which monitors and notifies the system administrator when an intrusion occurs.

In general, the MAC address of an Ethernet adapter can be set by the user. This is a weakness that lets an intruder forge a MAC address by changing the MAC address on the card. The intruder can craft packets with a forged MAC address so that the switch learns that address; once the switch has learned it, that MAC address belongs to the intruder.

How to detect a sniffer program
In theory there is no way to detect a sniffer program at all, because the program itself is no different from any other program. A sniffer works "passively": it only captures and stores packets and does not send any packets out. In practice, however, there are ways to detect one. A sniffer on its own sends nothing, but when it is installed on an ordinary computer it may cause packets to be sent. For example, it may make DNS requests to look up the host names of the IP addresses it has captured, and this gives us a way to find the machine that is running it. The common methods for detecting a sniffer program are as follows.

Using the Ping command
A machine on which a sniffer has been installed still runs and provides its other services as usual, which means that if we send it a request, it will reply. One technique is to send a request packet to the IP address of that machine, but to build the packet so that it does not carry that machine's Ethernet address. Consider the following steps:

1. Suppose the machine suspected of running a sniffer has the IP address 10.0.0.1 and the Ethernet address 00-40-05-A4-79-32.
2. Place the machine used for checking on the same segment as the suspected machine.
3. Have the checking machine build a packet carrying an Ethernet address that does not exist on that segment, for example by changing it to 00-40-05-A4-79-33.
4. Send an "ICMP Echo Request" (ping) with this new Ethernet address to the suspected machine, here 10.0.0.1.
5. Every machine that receives the packet ignores it, because no machine has this Ethernet address. The exception is the machine with the sniffer installed, which replies: it accepts every packet regardless of the Ethernet address, and the packet is passed up to the higher-level protocol because it carries an IP address addressed to that machine.

This technique is suited to topologies built on switches or bridges, because when a switch sees an Ethernet address it does not know, it floods the packet to every machine on that segment.

The ping method can be made more effective as follows. Use a type of protocol in which something sent draws a reply, such as UDP echo (port 7), or send a packet containing an error to the suspected machine, such as a packet with a bad IP header, to which the machine being checked will send back an ICMP message.

ARP method
The ARP method is similar to the Ping method but uses ARP packets instead. An ARP packet is sent with a destination Ethernet address set to any value that does not exist on the segment. If a reply comes back, the machine with that IP address is in promiscuous mode.

DNS method
Some sniffers automatically look up host names for the IP addresses they capture. Detection consists of monitoring which machines in the organization send host-name lookup requests. In addition, a trick can be used: send packets with a forged source IP address, then watch whether any host-name lookup request is made for that IP number. If there is one, suspect that the machine making it is running a sniffer.

Source-route method
This method is used to detect sniffers that are located elsewhere or on an adjacent segment. The steps are as follows: send a ping packet across segments to a machine that has been set not to reply. If a reply comes back, a machine inside that segment is running a sniffer program.

Decoy method
While the ping and ARP methods can only be used against machines on the same network, the decoy method can be used anywhere. Some protocols allow passwords to be sent as "plain text", and hackers try to find those passwords by sniffing. The decoy method sets up a client that runs a script to log on to a server using telnet, POP/IMAP or another protocol that has to send a password. The server holds a special account set up as bait; once the hacker has obtained the account and password, they will try to log in with it.

Host method
Most of the time we can check whether promiscuous mode has been turned on with the command "ifconfig -a", which gives output like the following:

# ifconfig -a
lo0: flags=849 mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863 mtu 1500
        inet 192.0.2.99 netmask ffffff00 broadcast 192.0.2.255
        Ether 8:0:20::90:9c:a2:98
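The same host check can be made without relying on the output of a command-line tool. This is an added example, not code from the original page; it assumes a Linux host, where the kernel publishes each interface's flags word as hex text under /sys/class/net and a bridge port has a brport entry, and the sample directory tree it builds is constructed.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous bit in the Linux interface flags word


def interface_flags(sysfs_root, name):
    """Read <root>/<name>/flags, a hex string such as '0x1103'."""
    with open(os.path.join(sysfs_root, name, "flags")) as fh:
        return int(fh.read().strip(), 16)


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Return {name: reason} for every interface with IFF_PROMISC set.

    A bridge port is promiscuous by design, so it is labelled separately
    from an interface with no such explanation.
    """
    report = {}
    for name in sorted(os.listdir(sysfs_root)):
        try:
            flags = interface_flags(sysfs_root, name)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            is_port = os.path.exists(os.path.join(sysfs_root, name, "brport"))
            report[name] = "bridge port" if is_port else "unexplained"
    return report


def build_sample_tree(root):
    """Constructed sample data: four interfaces, two of them promiscuous."""
    sample = {"lo": 0x9, "eth0": 0x1003, "eth1": 0x1103, "veth0": 0x1103}
    for name, flags in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(f"{flags:#x}\n")
    os.makedirs(os.path.join(root, "veth0", "brport"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("sample tree:", promiscuous_interfaces(tmp))
    if os.path.isdir("/sys/class/net"):
        print("this host:  ", promiscuous_interfaces())
```

An interface reported as "unexplained" is a prompt to find out which process opened it, not proof of a sniffer.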
For this reason, the first thing a hacker has to do is hide or tamper with the ifconfig program in order to cover this up. The system administrator therefore needs to verify the ifconfig program regularly to guard against tampering with it.

Latency method
This method uses the performance of the network to help with detection: decoy packets are generated and put onto the network. A machine that has promiscuous mode turned on is heavily affected in how it handles the traffic. A simple way to check for a machine in promiscuous mode is to compare the machine's response time before the load with its response time after the load. This method can, however, cause problems for the overall performance of the network while the test is running.

How can a sniffer be used on a switched network?
In theory packets cannot be captured on a network that uses switches, but in practice there are several ways:

Switch jamming
Some switch models can be changed from "bridging" to "repeating" (sending every frame to every port) by making the switch's address table overflow with a large number of false MAC addresses. The overflow is caused by sending the switch a large stream of random junk data.

ARP Redirect
An ARP packet holds both the sender's own MAC address and the MAC address the sender wants to learn. For example, Alice wants to find the MAC address of Bob, whose IP address is "192.0.2.2", so Alice has to send an ARP request with the following data:

Operation   Request
Alice       192.0.2.173   00-40-05-A4-79-32
Bob         192.0.2.1     ?? ?? ?? ?? ?? ??
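The request in the table above, laid out as the 28-byte ARP payload, together with a watcher that records the sender binding each ARP packet carries and reports when an IP address is later claimed by a different MAC address. This is an added example, not code from the original page; the function and class names are hypothetical and the MAC addresses in the two replies are constructed.

```python
import socket
import struct

ARP_LAYOUT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2

def mac_to_bytes(text):
    return bytes(int(part, 16) for part in text.split("-"))

def mac_to_text(raw):
    return "-".join(f"{b:02X}" for b in raw)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_LAYOUT, 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(raw):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_LAYOUT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_to_text(sha),
            "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_to_text(tha), "target_ip": socket.inet_ntoa(tpa)}

class BindingWatch:
    """Remember the first MAC seen for each IP; report later contradictions."""
    def __init__(self):
        self.bindings = {}
    def observe(self, raw):
        pkt = parse_arp(raw)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            return f"{ip} was {known}, now claimed by {mac}"
        return None

def demo():
    # Alice's request uses the table's values (unknown target MAC sent as zeros);
    # both replies for 192.0.2.1 use constructed MAC addresses.
    alice = ("00-40-05-A4-79-32", "192.0.2.173")
    watch = BindingWatch()
    return [watch.observe(p) for p in (
        build_arp(REQUEST, *alice, "00-00-00-00-00-00", "192.0.2.1"),
        build_arp(REPLY, "00-40-05-11-22-33", "192.0.2.1", *alice),
        build_arp(REPLY, "00-40-05-99-88-77", "192.0.2.1", *alice))]

if __name__ == "__main__":
    print(demo())
```

The third packet is the one reported, because it contradicts the binding already recorded for 192.0.2.1.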
The exchange goes as follows. Alice wants to send an IP packet to Bob, so she broadcasts to find Bob's MAC address. When Bob receives this, he sends his MAC address back to Alice. When Bob in turn wants to send an IP packet to Alice, in theory he would have to send an ARP request to Alice to ask for her MAC address. Bob does not need to, because he can remember Alice's MAC address from the ARP request she sent the first time.

In reality every machine on the network sees the request, because it is a broadcast packet. So if Charles wants to ping Alice, he does not need to ARP for Alice, because Charles has already stored her MAC address even though he took no part in the first exchange.

The broadcast goes to every machine on the Ethernet switch. The switch can therefore be fooled by sending ARP packets that claim to be another machine. For example, the intruder broadcasts an ARP claiming to be the router, in which case every machine will try to route through the intruder's machine. Alternatively, the intruder sends an ARP request to the MAC address of the victim only, claiming to be the router, and the victim will then send its packets through the deceiving machine.

ICMP Redirect
An ICMP redirect tells a machine to send its packets along a different route. For example, suppose there are two subnets on the same segment. Alice is on one subnet and wants to talk to Bob, who is on the other. Neither of them knows that they are on the same segment, but the router does. When Alice sends a packet to the router with Bob as the destination, the router sends an ICMP redirect to Alice telling her to send the packet to Bob directly. A hacker can exploit this by sending a redirect to Alice; Alice is misled and sends Bob's packets to the hacker.

Advertising yourself as the router
ICMP router advertisements tell everyone who the router is. A hacker can send these packets out claiming to be the router, and everyone will believe it and send their packets through the hacker.

Reconfiguring the switch
Most switches allow a "monitor" or "span" port to be configured, which copies some or all of the packets passing through the switch to that port. These ports were in fact designed for capturing packets when the network has a problem. A hacker can telnet to the switch, or reconfigure it with SNMP, since most switches are installed with their default passwords.

Conclusion
Sniffers remain a popular tool among hackers. System administrators need to inspect their machines regularly and stay alert for sniffers being installed on them, because sniffers are easy to install and are regularly found on systems that are not looked after.
Create Date : 27 November 2551
Last Update : 27 November 2551 15:38:58