
Fools your enemy with Mikrotik

BY: DIDIET KUSUMADIHARDJA


MIKROTIK USER MEETING (MUM) 2016
JAKARTA, INDONESIA
14 OCTOBER 2016
About Me

Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika

2. Trainer & IT Consultant, Arch Networks

MikroTik certifications: MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE

Didiet Kusumadihardja - didiet@arch.web.id


PT. Mitra Solusi Telematika

Gedung TMT 2. GF
Jl. Cilandak KKO
Jakarta


Global IT Security Incidents

Global IT Security Incident 2014

Entire Network Canceled

Global IT Security Incident 2015

Hacked for 3 years (2012 – 2015)

Global IT Security Incident 2016

500 million accounts

3 billion accounts ???


Source: Tech Times

Indonesia IT Security Incidents


INDONESIA IS SAFE?

Source: Akamai
Indonesia IT Security Incident 2013

polri.go.id (2013): Defacement

Motive: Fame?
Indonesia IT Security Incident 2016

Teman Ahok

DDoS Attack

Motive: Politics?
Indonesia IT Security Incident 2016

Videotron

Kebayoran Baru
Jakarta Selatan

Motive: Curiosity?

IT Security Trends

You don't need to be smart to hack

Source: Carnegie Mellon University
Hacking Tools Example

Cain & Abel


Kali Linux

Cybercrime as a Service (CaaS)

Modern Business

Source: SCMagazine

How do hackers do it?

Hacking Phase

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council
Hacking Phase (Cont'd)

1. Reconnaissance: information gathering (device type, OS details, open ports)
2. Scanning: application versions, vulnerabilities
3. Gaining Access: exploit a vulnerability
4. Maintaining Access: backdoors, privilege escalation, data harvesting
5. Clearing Tracks: delete/overwrite events/logs
Hacking Phase Analogy

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
When do we fool them?

1. Reconnaissance
2. Scanning  ← here
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Why at the Scanning Phase?

TELNET, SSH: at this phase the attacker picks targets from what the scanner shows, for example hosts that answer on TELNET or SSH. What we let the scanner see decides what gets attacked next.
Scanning Tools

SoftPerfect Network Scanner

The Dude


How to fool them?

Use a bait

Hacker → Bait (Honey Pot)
Web Server Example

A web server = HTTP + HTTPS: the only ports it should be reachable on are 80 and 443.
Confuse your enemy

HTTP HTTPS

Server Farm Network Example (192.168.1.0/24)

SERVER X

192.168.1.2  → DNS Server
192.168.1.5  → Web Server
192.168.1.10 → DB Server
192.168.1.15 → Mail Server
Confuse your enemy (192.168.1.0/24)

192.168.1.1  → Fake Server 1
192.168.1.2  → DNS Server
192.168.1.3  → Fake Server 2
192.168.1.4  → Fake Server 3
192.168.1.5  → Web Server
192.168.1.6  → Fake Server 4
192.168.1.7  → Fake Server 5
192.168.1.8  → Fake Server 6
192.168.1.9  → Fake Server 7
192.168.1.10 → DB Server
192.168.1.11 → Fake Server 8
192.168.1.12 → Fake Server 9
192.168.1.13 → Fake Server 10
192.168.1.14 → Fake Server 11
192.168.1.15 → Mail Server

How do we do it with Mikrotik?


NAT (Network Address Translation)

Fake NAT

Fake Ports at your Web Server

HTTP & HTTPS → Legitimate Server

Other Ports → Fake Server
Simple NAT for Web Server

NAT (Port Mapping): INTERNET → ROUTER → WEB SERVER (192.168.2.3)

NAT rule fields shown in the screenshot: Chain, Action
Add Additional NAT for Bait

NAT rule fields shown in the screenshot: Chain, Action

Web Server: 192.168.2.3
Fake Server (Honey Pot): 192.168.2.4
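The rules from the two NAT slides above, written out as RouterOS CLI so the ordering is visible. This is an added example and not the presenter's own configuration (the slides show screenshots): the interface name ether1 and the administrator address 203.0.113.10 are assumptions, while 192.168.2.3 and 192.168.2.4 are the addresses from the slides.

```routeros
# Added example (not from the slides). Assumptions: ether1 is the Internet
# uplink, 203.0.113.10 is the administrator's address. From the slides:
# 192.168.2.3 is the real web server, 192.168.2.4 is the honey pot.

/ip firewall nat
# Keep router management reachable for the admin: dstnat also rewrites
# traffic aimed at the router's own address, so without this rule the
# admin's WinBox/SSH session would land on the honey pot as well.
add chain=dstnat in-interface=ether1 src-address=203.0.113.10 \
    action=accept comment="admin: never redirect"

# Slide "Simple NAT for Web Server": the legitimate service, HTTP and HTTPS
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=80,443 \
    action=dst-nat to-addresses=192.168.2.3 comment="web: real server"

# Slide "Add Additional NAT for Bait": every other TCP or UDP port on the
# public address goes to the honey pot. NAT rules see only the first
# packet of a connection, so log=yes gives one line per new probe.
add chain=dstnat in-interface=ether1 protocol=tcp \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="bait" \
    comment="web: fake ports (honey pot)"
add chain=dstnat in-interface=ether1 protocol=udp \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="bait" \
    comment="web: fake ports (honey pot)"

# The forward chain must let the redirected traffic reach both hosts
/ip firewall filter
add chain=forward in-interface=ether1 dst-address=192.168.2.3 \
    protocol=tcp dst-port=80,443 action=accept comment="web: real"
add chain=forward in-interface=ether1 dst-address=192.168.2.4 \
    action=accept comment="web: bait"
```

Rule order matters: NAT rules are evaluated top down, so the HTTP/HTTPS rule must sit above the catch-all, and the accept rule for the administrator above both. Connection tracking rewrites the honey pot's replies back to the public address, so the scanner sees one host with every port answering; the honey pot itself only ever sees its own address, so the port that was actually probed is best read from the router's log line.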
Fake Server at your Server Farm Network

Only one legitimate server; the others are fake servers.
Another Example

NAT rule fields shown in the screenshot: Chain, Action

Web Server: 192.168.2.3
Fake Server (Honey Pot): 192.168.2.4
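Address-based version for the server farm slides, as an added example that is not from the presentation: every address in 192.168.1.0/24 that is not a real server is rewritten to a honey pot, so the scanner gets answers from every "host" it tries. Assumptions: the farm sits behind the router and probes arrive through it, and the honey pot is at 192.168.1.200 (the slides give no address for it); the real-server addresses are the ones listed on the slide. The optional scanner list goes beyond the slide and is my addition.

```routeros
# Added example (not from the slides). Assumptions: the 192.168.1.0/24 farm
# is behind the router and probes arrive through it; the honey pot address
# 192.168.1.200 is constructed here. Real servers are the ones from the slide.

/ip firewall address-list
add list=farm-real address=192.168.1.2   comment="DNS Server"
add list=farm-real address=192.168.1.5   comment="Web Server"
add list=farm-real address=192.168.1.10  comment="DB Server"
add list=farm-real address=192.168.1.15  comment="Mail Server"
add list=farm-real address=192.168.1.200 comment="Honey Pot itself"

/ip firewall nat
# Any farm address that is not a real server is a fake server: rewrite the
# destination to the honey pot. One log line per new connection.
add chain=dstnat dst-address=192.168.1.0/24 dst-address-list=!farm-real \
    action=dst-nat to-addresses=192.168.1.200 log=yes \
    log-prefix="fake-srv" comment="farm: fake servers -> honey pot"

# Optional tripwire (my addition): a source that has touched a fake server
# is sent to the honey pot for every later connection, even to real servers.
add chain=dstnat src-address-list=scanners dst-address=192.168.1.0/24 \
    action=dst-nat to-addresses=192.168.1.200 comment="farm: known scanner"

/ip firewall mangle
# Mangle prerouting runs before dstnat, so the first probe to a fake address
# already lands the source on the list; passthrough keeps the packet moving.
add chain=prerouting dst-address=192.168.1.0/24 dst-address-list=!farm-real \
    connection-state=new action=add-src-to-address-list \
    address-list=scanners address-list-timeout=1d passthrough=yes \
    comment="farm: remember who probed a fake server"
```

This only works for traffic the router forwards. A scanner plugged into the farm's own segment ARPs for 192.168.1.3 directly, gets no reply, and reports the address as down; for that case the fake addresses have to be answered on the segment itself, which is what a honeypot such as Honeyd does. The scanner list has a false-positive cost: a legitimate user who mistypes an address spends the next day talking to the honey pot.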
Combine with Honey Pot

KFSensor

Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes
What the Hacker Sees (Nmap)

Nmap / Zenmap: before and after the bait rules (screenshots)

What the Hacker Sees (SoftPerfect NetScan)

SoftPerfect Network Scanner: before and after the bait rules (screenshots)
I don't want to use a Honey Pot

One firewall rule; the screenshot shows its two fields:

Step 1: Chain

Step 2: Action
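One way to read the "I don't want to use a Honey Pot" slide, as an added example that is not the presenter's rule: the slide only shows a chain and an action, so chain=input with action=tarpit is my choice. ether1 as the uplink and 203.0.113.10 as the administrator's address are assumptions.

```routeros
# Added example (not from the slides): the router itself plays the fake
# server, no honey pot host needed. The slide shows only "Chain" and
# "Action"; chain=input, action=tarpit is my choice. Assumptions: ether1 is
# the Internet uplink, 203.0.113.10 is the administrator's address.

/ip firewall filter
# Admin first: tarpit would otherwise swallow WinBox/SSH from the admin too
add chain=input in-interface=ether1 src-address=203.0.113.10 \
    action=accept comment="admin: allow"

# Replies to connections the router opened itself stay allowed
add chain=input in-interface=ether1 connection-state=established,related \
    action=accept comment="input: established"

# Ping is answered but logged (verbose: one line per packet, as on the
# "if someone PINGs" slide; rate-limit this in production)
add chain=input in-interface=ether1 protocol=icmp action=accept \
    log=yes log-prefix="ping" comment="input: icmp, logged"

# Every other TCP SYN on any port gets a SYN/ACK and is then held, so a
# port scanner reports all 65535 ports as open. log=yes writes one line per
# new connection with in-interface, src-mac, src-ip and the port tried.
add chain=input in-interface=ether1 protocol=tcp connection-state=new \
    action=tarpit log=yes log-prefix="tarpit" comment="fake ports: tarpit"

# Non-TCP probes (UDP etc.) are not tarpitted; drop them quietly
add chain=input in-interface=ether1 action=drop comment="input: rest"
```

tarpit answers every TCP SYN with a SYN/ACK and holds the connection, so a SYN scan reports all ports open on the router; it does nothing for UDP or ICMP, and a scanner that follows up with banner grabbing will notice that every port behaves the same way. The log lines are the ones the next two slides talk about: each carries the in-interface, src-mac and src-ip of the probe and the destination port it tried.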
What we see if someone PINGs

The router log shows the SRC-MAC ADDRESS and the SRC-IP ADDRESS of the sender.
What we see if someone runs NMAP

Mikrotik LOG: (screenshot)
The Dude, Hotspot & Userman

IP Address → MAC Address → User ID → Person
Use Case 1: Insider Threat

University, Internet Café (WARNET), Office
Use Case 2: Research

http://public.honeynet.id

Analytics (Low Interaction Honeypot)

For fun: learn hacking methods from hackers / script kiddies (High Interaction Honeypot)

DIDIET KUSUMADIHARDJA

Thank you. Questions?

didiet@arch.web.id
http://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/