Sponsored Links
This presentation is the property of its rightful owner.
1 / 72

网络攻击与防御 PowerPoint PPT Presentation


  • 120 Views
  • Uploaded on
  • Presentation posted in: General

网络攻击与防御. 1 网络安全基础知识. 网络安全 信息安全 关键技术 安全威胁及分类 威胁来源. 1.1 网络安全 & 信息安全. 网络安全 从其本质上来讲就是网络上的信息安全。它涉及的领域相当广泛,这是因为在目前的公用通信网络中存在着各种各样的安全漏洞和威胁。从广义来说,凡是涉及到网络上信息的 保密性、完整性、可用性、真实性和可控性 的相关技术和理论,都是网络安全所要研究的领域。 确保网络系统的信息安全是网络安全的目标, 信息安全 包括两个方面: 信息的存储安全 和 信息的传输安全 。 信息的存储安全 是指信息在静态存放状态下的安全,如信息是否会被非授权调用等。

Download Presentation

网络攻击与防御

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript



1


1.1 &


1.2


1.3


1.4

Internet



1.5


2

A

1

2

3


B.


C.


1


1

    • Win32IKS

    • Win32snifferUnixlibpcap


    • Win32LOphtcrack

    • IPARPRIP


    • Ping of Death

    • SmurfCPUSyn Flood


    • ShellCodeWindowsCode-RedBlasterSasser

    • 1996PHF

    • Win32AdministratorLSA


3


3.1

  • ,

  • Social Engineering


3.2

  • Ping fpingping sweep

  • ARP

  • Finger

  • Whois

  • DNS/nslookup

  • google

  • telnet


ping

  • Ping


ping

8

Type = 8

Type = 0

0


1

2ICMP


ping

192.168.1.25


1

Reply from 192.168.3.10: bytes=32 time<1ms TTL=32

  • Reply from 192.168.3.10 pingip192.168.3.10

  • bytes=32 32

  • time<1ms1

  • TTL=32TTL032

    2

    Pingwar 2.0ping.


ARP

ARP


finger

  • tcp 79

  • fingerd,finger


finger


whois

  • tcp 43

  • whoisd,finger

  • 1 http://whois.webhosting.info

  • 2 http://samspade.org/


Ip


DNS

  • udp 53

  • bind,nslookup


DNS


telnet

  • ,telnet

  • NC


4


4.1

  • TCP

  • TCP

  • TCP

  • TCP/IP


TCP

  • URG

  • ACK

  • PSHtelnet

  • RSTTCP

  • SYNTCP

  • FIN


TCP


TCP


TCP/IP

  • 1

  • SYNFINRST


TCP/IP

  • 2

  • RSTRST


TCP/IP

  • 3

  • ACKRST


TCP/IP

  • 4

  • FIN


4.2


TCP

SYN

FIN

ping

FTP

TCP

ident

IP

dumb

UDP/ICMP

ACK

UDP

UDPrecvfrom

/write

ACK

XMAS

SYN

TCP

ICMP

SYN/ACK


ClientSYN

ServerSYN/ACK

ClientACK

ClientSYN

ServerRST/ACK

ClientRST


  • SYN

*

ClientSYN

ServerSYN/ACK

ClientACK

ClientSYN

ServerRST/ACK

ClientRST


  • SYN/ACK

ClientSYN/ACK

ServerRST

ClientSYN

Server--


  • FIN

ClientFIN

ServerRST

ClientFIN

Server--


  • ACK

ClientFIN

Server(TTL<64)

Server(WIN>0)

ClientFIN

Server(TTL>64)

Server(WIN=0)


  • ICMP

*ICMP Usage in Scanning


4.3

  • Nmap

  • Xscan

  • SuperScan

  • Shadow Security Scanner

  • MS06040Scanner


Nmap

  • NMAPLinuxWindowsNMAPUDPTCP connect,TCP SYN, ftp proxy (bounce attack),Reverse-ident, ICMP (ping sweep), FIN, ACK sweep,Xmas Tree, SYN sweep, Nulltcp/ip


  • -sT TCP Connect()

    TCP

  • -sS TCP SYN

    connect

  • -sF -sX sN

    Stealth FIN,Xmas Tree Null

  • -sP Ping

    IPICMPecho requestnmapTCP ack80

  • -sU UDP

    UDP


xscan

ping


Superscan


MS06040Scanner

MS06040


MS06040Scannerwindows2000TCP 139 TCP 445MS06040MS06040


5

  • SQL

  • SQL

  • Cookie


5.1 SQL

  • SQL

    SQLSQL

  • SQL


dim rs

admin1=request("admin")

password1=request("password")

set rs=server.CreateObject("ADODB.RecordSet")

rs.open "select * from admin where admin='" & admin1 & "' and password='"& password1 &"'",conn,1

if rs.eof and rs.bof then

response.write"<SCRIPT language=JavaScript>alert('');"

response.write"javascript:history.go(-1)</SCRIPT>"

response.end

else

session("admin")=rs("admin")

session("password")=rs("password")

session("aleave")=rs("aleave")

response.redirect "admin.asp"

end if

rs.close

set rs=nothing

SQL


  • OR =

  • SQL

    select * from admin where admin= 'OR '= 'andpassword= 'OR '=

  • adminpassword


  • '

    admin1=replace(trim(request("admin")),"'","")

    password1=replace(trim(request("password")),"'","")


5.2 SQL

(1)

(2)

(3) /

(4)


Dim Tc_Post,Tc_Get,Tc_In,Tc_Inf,Tc_Xh

'

Tc_In="'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master||or|char|declare"

Tc_Inf = split(Tc_In,"|")

'post

If Request.Form<>"" Then

For Each Tc_Post In Request.Form

For Tc_Xh=0 To Ubound(Tc_Inf)

If Instr(LCase(Request.Form(Tc_Post)),Tc_Inf(Tc_Xh))<>0 Then

Response.Write "<Script Language=JavaScript>alert('');</Script>"

'get

If Request.QueryString<>"" Then

For Each Tc_Get In Request.QueryString

For Tc_Xh=0 To Ubound(Tc_Inf)

If Instr(LCase(Request.QueryString(Tc_Get)),Tc_Inf(Tc_Xh))<>0 Then

Response.Write "<Script Language=JavaScript>alert('');</Script>"


5.3 Cookie

<%owen=request("id")%> ID

Set rsnews=Server.CreateObject("ADODB.RecordSet")

sql="update news set hits=hits+1 where id="&cstr(request("id"))

conn.execute sql

sql="select * from news where id="&owen

rsnews.Open sql,conn,1,1

title=rsnews("title")

if rsnews.eof and rsnews.bof then

response.Write("")

else


  • requestrequest.formpostrequest.querystringgetrequest.cookiescookie

  • <%owen=request("id")%>querystringformcookieservervariable


cookie

  • cookie;,;,,

  • cookie


cookie

  • http://localhost/leichi/onews.asp?id=39


  • javascript:alert(document.cookie=id=+escape(39 and 1=1));cookie


  • http://localhost/leichi/onews.asp


  • Login