1 / 14

Proses Serangan terhadap Jaringan Komputer

Proses Serangan terhadap Jaringan Komputer. Reconnaissance dan footprinting Scanning Enumerasi Mendapatkan Akses Eskalasi Membuat Backdoor dan menyembunyikan jejak. Reconnaissance. Fase persiapan awal

kin
Download Presentation

Proses Serangan terhadap Jaringan Komputer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Proses SeranganterhadapJaringanKomputer

  2. Reconnaissance danfootprinting • Scanning • Enumerasi • MendapatkanAkses • Eskalasi • Membuat Backdoor danmenyembunyikanjejak

  3. Reconnaissance • Fasepersiapanawal • Mencariinformasisebanyak-banyaknyamengenaitarget/korbansebelummelakukanserangan • Informasibisadidapatdari target/korbanmaupuntempat lain ygterkaitdenganterkait/korban

  4. footprinting • Cetakbirudari profile korban/target • Faseinimemakanwaktu 90% dariattacker dalammelakukanaksinya (10% untukmenyerangtarget) • Foot-printing perludibuatsecarasistematikuntukmemastikansemuainformasiygterkumpuldanakandigunakanterkaitdengan target

  5. KOMPAS.COM Registrant: PT Kompas Media Nusantara JalanPalmerah Selatan 26-28 Jakarta, Jakarta 10270 ID Domain name: KOMPAS.COM Administrative Contact: Division, Internet admin@vic.com JalanPalmerah Selatan 26-28 Jakarta, Jakarta 10270 ID 1(888)811-8681 Technical Contact: Administration, VIC DNS hostmaster@vic.com P.O. Box 31571 Knoxville, TN 37930 US 865 470 7851 Fax: 865 470 7369 Registration Service Provider: Virtual Interactive Center, admin@vic.com 865 524 8888 865 524 0740 (fax) Please contact us for domain login/passwords, DNS/Nameserver changes, and general domain support questions. Registrar of Record: TUCOWS, INC. Record last updated on 09-Dec-2004. Record expires on 17-Dec-2006. Record created on 18-Dec-1995. Domain servers in listed order: NS.VIC.COM 64.203.64.10 NS2.VIC.COM 64.203.64.11 Domain status: ACTIVE

  6. Scanning • Scanning can be compared to a thief checking all the doors and windows of a house he wants to break into. • Scanning- The art of detecting which systems are alive and reachable via the internet and what services they offer, using techniques such as ping sweeps, port scans and operating system identification, is called scanning. The kind of information collected here has to do with the following: 1) TCP/UDP services running on each system identified. 2) System architecture (Sparc, Alpha, x86) 3) Specific IP address of systems reachable via the internet. 4) Operating System type.

  7. PING SWEEPS ICMP SWEEPS ICMP ECHO request ICMP ECHO reply Intruder Target alive Querying multiple hosts – Ping sweep is fairly slow Examples UNIX – fping and gping WINDOWS - Pinger

  8. Broadcast ICMP Intruder Network ICMP ECHO reply ICMP ECHO request ICMP ECHO reply ICMP ECHO reply Can Distinguish between UNIX and WINDOWS machine UNIX machine answers to requests directed to the network address. WINDOWS machine will ignore it.

  9. PING SWEEPS NON – ECHO ICMP Example ICMP Type 13 – (Time Stamp) • Originate Time Stamp - The time the sender last touched the message before sending • Receive Time Stamp - The echoer first touched it on receipt. • Transmit Time Stamp - The echoer last touched on sending it.

  10. PING Sweeps TCP Sweeps C(SYN:PortNo & ISN) S (SYN & ISN) + ACK[ C (SYN+!) ] RESET (not active) Client Server S(ISN+1) When will a RESET be sent? When RFC does not appear correct while appearing. RFC = (Destination (IP + port number) & Source( IP & port number))

  11. Port Scanning Types • TCP Connect() Scan SYN packet SYN/ACK listening RST/ACK (port not listening) SYN/ACK A connection is terminated after the full length connection establishment process has been completed

  12. Enumeration • Enumeration extracts information about: • Resources or shares on the network • User names or groups assigned on the network • Last time user logged on • User’s password • Before enumeration, you use Port scanning and footprinting • To Determine OS being used • Intrusive process

More Related