saysil
SNIFFER network wiretap

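A sniffer, also called a network wiretap, is something whose job is to capture packets on a network. The sniffer decodes the packets and logs them for whoever installed it to use. This makes the sniffer one of the tools hackers use to capture data, especially account names and passwords, which are then used to log on to other systems.
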
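What a sniffer is used for

For the most part sniffers are used in two ways: for maintaining a network and for breaking into one. Examples of use are analyzing network problems, such as why machine 1 cannot communicate with machine 2; analyzing system performance to find network bottlenecks; and detecting intruders in a system.
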
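How a sniffer works

Ethernet is built on the principle of sharing: every machine on the same network uses the same medium, which means every machine receives every packet on that medium. An Ethernet adapter is therefore built with a filter that ignores packets not meant for it, by checking the MAC address. A sniffer turns this filter off and forces the network card into the mode called "promiscuous mode".

Most sniffers work with almost any Ethernet card, capturing incoming data and placing it in a buffer. There are 2 capture modes: capture until the buffer is full, or use the buffer round-robin (the newest data replaces the oldest). Some products (such as BlackICE Sentry IDS from Network ICE) can use the disk as a round-robin buffer while capturing at 100 mbps, which gives a buffer of many gigabytes instead of relying only on memory of limited size.
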
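How to protect data from being captured

You can configure your own network so that capturing data on it is hard, but you cannot prevent data from being captured outside your network. The best way to protect data is to encrypt it: even if someone captures it, they cannot read it. Some of the ways to encrypt data are as follows.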

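SSL "Secure Socket Layer"

Used to encrypt data sent over the web. It is mostly used in electronic commerce, for example when credit card details are filled in.

PGP and S/MIME

E-mail can be captured in many ways. The best way to protect mail is to encrypt it, and the two systems for doing so are PGP (Pretty Good Privacy) and S/MIME.

ssh "Secure Shell"

For logging in to UNIX systems, use ssh, which encrypts the session to protect it from capture. ssh was designed to replace telnet.
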
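How to make capturing harder

Replacing hubs with switches is the simplest way to get some level of protection, but in practice the method still has weak points. Switches still have some behaviors, for example in how address-lookup packets are handled, that are weak points an intruder can exploit through ARP packets.

In addition, hackers use a method called "router redirection", which announces a route so that packets are sent to the intruder. The intruder forges an IP address so that hosts on the network mistakenly take the intruder for the router and send their packets through the intruder's machine.

Most protection setups need a monitoring tool such as Expert Sniffer, which watches for intrusion, or in some cases BlackICE IDS on the Windows operating system, which monitors and notifies the administrator when an intrusion occurs.

In general the MAC address on an adapter can be set by the user, and this is a weak point that lets an intruder forge a MAC address by changing the MAC address on the card. The intruder can craft packets carrying a MAC address the switch already knows, and the switch will then take that MAC address to belong to the intruder.
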
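How to detect a sniffer

In theory there is no way to detect a sniffer, because a sniffer works "passively": it only captures packets and does not send any packets out.

In practice there are some ways to detect one. A stand-alone sniffer sends no packets, but a sniffer installed on an ordinary machine may well send packets out. For example, it may ask the DNS service for the names that belong to the IP addresses it has captured. This gives several ways to check for a sniffer. The methods in general use are as follows.
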
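Ping method

A machine with a sniffer installed still runs a normal TCP/IP stack, which means that if a request is sent to it, it will answer. The technique is to send a packet to the machine's IP address, but to build the packet so that it does not carry the machine's MAC address. Consider the following steps:

1. The machine suspected of running a sniffer has IP address 10.0.0.1 and MAC address 00-40-05-A4-79-32.
2. The checking machine is on the same segment as the suspected machine. It builds a packet whose MAC address does not match any real one in the segment, changing it to 00-40-05-A4-79-33.
3. It sends an "ICMP Echo Request" (ping) with this address to the suspected machine at 10.0.0.1.
4. Every machine that receives the packet ignores it, because no machine has that MAC address. The exception is a machine running a sniffer, which answers, because it accepts every packet regardless of MAC address. The packet is then passed up to the higher protocol layer, because the IP address it carries is the machine's own.

The technique also works on switched Ethernet: when a switch sees an address it does not know, it sends the packet to every machine in the segment.

The ping method can be made more effective as follows:

- Use other protocols that produce a reply, such as UDP echo (port 7).
- Send packets containing an error to the suspected machine, for example a packet with a bad IP header, so that the machine under test sends back an ICMP error.
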
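ARP method

The ARP method is similar to the Ping method but uses ARP packets instead. An ARP packet is sent out with an arbitrary destination address in the segment. If there is a reply, it shows that the machine with that IP address is in promiscuous mode.
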
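DNS method

Some sniffers automatically look up host names for the IP addresses they capture.

Detection is done by monitoring the packets that ask for host-name lookups. Another approach is to send out packets with a made-up source IP address and then watch for any packet that asks for a host-name lookup on that IP number. If one appears, the machine that sent it is suspected of running a sniffer.
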
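Source-route method

This method is used to detect a sniffer on a neighboring segment. The steps are as follows:

1. Build a ping packet that is source-routed through a machine in the segment, one that has been set so that it does not respond.
2. If a reply comes back, it shows that the segment has a machine running a sniffer.
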
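Decoy method

While the ping and ARP methods work only for machines on the same network, the decoy method can be used in any situation.

Because some protocols allow passwords to be sent as "plain text", hackers look for passwords with a sniffer. The decoy method sets up a client that runs a script to log on using telnet, POP/IMAP or another protocol that requires a password, using special accounts created to lure the hacker into taking the account name and password and trying to log in with them.
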
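Host method

You can check whether an interface has been put into promiscuous mode with the command "ifconfig -a", which gives output like the following:

# ifconfig -a
lo0: flags=849 mtu 8232
inet 127.0.0.1 netmask ff000000
hme0: flags=863 mtu 1500
inet 192.0.2.99 netmask ffffff00 broadcast 192.0.2.255
ether 8:0:20::90:9c:a2:98

However, the first thing a hacker does is modify ifconfig in order to hide. The system administrator therefore needs to check ifconfig regularly to guard against its being modified.
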
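The host check described above, as an added example that is not part of the original post. The sample listing, the flag names in angle brackets (the listing above shows only the numeric flag word) and the function names are constructed for illustration; the second check assumes Linux, where /sys/class/net/<interface>/flags holds the flag word and IFF_PROMISC is 0x100.

```sh
#!/bin/sh
# Added example: find interfaces in promiscuous mode in two independent ways.

# Constructed sample in the ifconfig -a layout. The flag names in angle
# brackets and the flag word 963 are assumptions made for this example.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 192.0.2.99 netmask ffffff00 broadcast 192.0.2.255
EOF
}

# Read ifconfig-style text on stdin; print each interface whose flag list
# contains PROMISC as a whole word.
promisc_from_ifconfig() {
    awk '/^[^ \t]/ && /flags=/ {
        name = $1
        sub(/:$/, "", name)
        if (match($0, /<[^>]*>/)) {
            flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            if (index(flags, ",PROMISC,") > 0) print name
        }
    }'
}

# Succeed if a hex flag word (for example 0x1103) has IFF_PROMISC (0x100) set.
# Anything that is not a 0x-prefixed hex value is treated as "not set".
flag_word_is_promisc() {
    case $1 in
        0x[0-9a-fA-F]*) [ $(( $1 & 0x100 )) -ne 0 ] ;;
        *) return 1 ;;
    esac
}

# Linux only (assumption): read each flag word from sysfs, so the result does
# not depend on an ifconfig binary that may have been replaced.
promisc_from_sysfs() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        if flag_word_is_promisc "$(cat "$f" 2>/dev/null)"; then
            basename "$(dirname "$f")"
        fi
    done
}

sample_ifconfig | promisc_from_ifconfig   # prints: hme0
promisc_from_sysfs                        # lists promiscuous interfaces here
```

Comparing the two results on the same host is the useful part: an interface reported by the sysfs check but missing from the ifconfig output is a reason to verify the ifconfig binary itself.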
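Latency method

This method is of a kind that lowers the performance of the network, but it also helps defend it. It works by generating a large number of packets on the network. A machine in promiscuous mode is heavily affected, because it has to process all of the traffic passing by. The method checks whether a machine is in promiscuous mode by comparing its response time when it is not under load with its response time under load. However, the method can raise false alarms, depending on the capability of the machine and on how the network is behaving during the test.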
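How a sniffer can capture on a switched network

In theory packets cannot be captured on a network that uses switches, but in practice there are the following methods.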
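Switch Jamming

Some switch models can be made to change from "bridging" to "repeating" operation (sending every frame to every port) by overflowing the switch's address table with a large number of false addresses. This is done by sending a large amount of garbage data to the switch.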
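Redirection (ARP Redirect)

An ARP packet contains both the sender's own address and the address being asked for. For example, Alice wants the MAC address of Bob, who has the IP address "192.0.2.2", so Alice has to send a request carrying the following information:

- Operation Request
Alice 192.0.2.173 00-40-05-A4-79-32
Bob 192.0.2.1 ?? ?? ?? ?? ?? ??

The exchange goes as follows. Alice has an IP packet to send to Bob and needs Bob's MAC address, so she broadcasts the request. Bob receives it and answers Alice with his MAC address.

When Bob wants to send an IP packet to Alice, in theory Bob would have to send a request to Alice to ask for her MAC address. Bob does not need to, because he can remember Alice's MAC address from the request Alice sent the first time.

In fact every machine on the network sees the request, because it is a broadcast packet. So if Charles wants to ping Alice, he does not need to ask for Alice's address either: Charles already knows it, even though he took no part in the original exchange.

Broadcasts go to every machine on the switch, so the switch can be deceived. There are two ways. The intruder broadcasts a request claiming to be the router, in which case every machine tries to route through the intruder. Or the intruder sends the request only to the victim's MAC address while claiming to be the router, which tricks the victim into sending its packets through the intruder's machine.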
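ICMP redirection (ICMP Redirect)

An ICMP redirect tells a machine to send its packets along a different route. For example, take two machines on the same physical segment: Alice is on one subnet and wants to talk to Bob, who is on another subnet, and both are on the same segment. Alice sends her packets to the router. The router knows the packets can go to Bob directly, so it sends an ICMP redirect to Alice telling her to send packets to Bob directly.

A hacker can do the same thing: send a redirect to Alice so that Alice is misled and sends the packets meant for Bob to the hacker.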
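Announcing oneself as the router

ICMP router advertisements tell everyone who the router is. A hacker can send such packets out claiming to be the router, and everyone then sends their packets through the hacker.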
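Reconfiguring the switch

Most switches allow a port to be set up as a "monitor" or "span" port, which copies some or all of the packets passing through the switch to that port. These ports were in fact designed for capturing packets when the network has a problem. A hacker can telnet to the switch to reconfigure it, or use SNMP. Most switches are installed with the default password still in place.

Sniffers remain one of the tools hackers use. System administrators need to stay alert and watch carefully for sniffers being installed on their machines.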




 

Create Date : 27 November 2551
Last Update : 27 November 2551 15:38:58