
VIETNAM NATIONAL UNIVERSITY, HO CHI MINH CITY - UNIVERSITY OF SCIENCE - FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS

NETWORK SECURITY COURSE PROJECT
Topic: ARP CACHE POISONING ATTACK USING CAIN & ABEL

Supervisor: MSc. V Minh Sn
Student group:
1. Nguyn Mnh ng (0820042)
2. Nguyn Quc Thng (0820168)
3. Nng Vit Bnh (0820011)
4. H Quc Dng (0820031)
5. Nh Long (0820089)

ARP cache poisoning attack using Cain & Abel

Supervisor: MSc. V Minh Sn

CONTENTS
I - Introduction
II - Understanding ARP and how ARP spoofing attacks work
  1. Understanding ARP
    1.1 Definition
    1.2 How ARP works
    1.3 ARP cache
  2. ARP spoofing attack
III - Simulating an ARP cache poisoning attack using Cain & Abel
IV - Countermeasures
  1. Hardening the LAN
  2. Hard-coding the ARP cache
  3. Monitoring the network's ARP traffic with third-party programs
V - Conclusion


I - Introduction
One of the most common network attacks used against both individuals and large organizations is the MITM (Man in the Middle) attack. Put simply, this kind of attack behaves like an eavesdropper. A MITM attack works by establishing connections to the victim machines and relaying messages between them. While under attack, each victim believes it is communicating directly with the other victim, when in reality all of the traffic passes through the attacker's host. As a result, that host can not only read sensitive data but can also inject into and alter the data stream in order to gain deeper control over its victims.

Figure: MITM attack model in a wifi network


There are many forms of MITM attack:
- ARP cache poisoning
- DNS spoofing
- HTTP session hijacking

In this project we study ARP cache poisoning. It is the oldest of the modern MITM attack forms (sometimes also known as ARP Poison Routing); it allows an attacker located on the same subnet as the victims to eavesdrop on all network traffic between the victim machines. It is one of the simplest forms of attack, yet one of the most effective when carried out by an attacker.

II - Understanding ARP and how ARP spoofing attacks work


1. Understanding ARP
1.1 Definition
The ARP protocol was designed to serve the need to translate addresses between layers two and three of the OSI model. Layer two (the data-link layer) uses MAC addresses so that hardware devices can communicate with one another directly. Layer three (the network layer) uses IP addresses to build networks that can scale globally. The data-link layer deals directly with devices connected to one another, while the network layer deals with devices connected both directly and indirectly. Each layer has its own addressing scheme, and the two must work together to form a communicating network. For that reason ARP was created in RFC 826, the Ethernet Address Resolution Protocol.


1.2 How ARP works
In a LAN: when a network device wants to learn the MAC address of another device whose network-layer address (IP, IPX) it already knows, it sends an ARP request containing its own MAC address and the IP address of the device whose MAC address it needs, to the entire broadcast domain. Every device that receives this request compares the IP address in the request with its own network-layer address. If they match, that device must send a packet back to the device that issued the ARP request, containing its own MAC address.
In a simple network, suppose PC A wants to send a packet to PC B and only knows PC B's IP address. PC A must then send an ARP broadcast to the whole network asking "what is the MAC address of the PC with this IP address?" When PC B receives this broadcast, it compares the IP address in the packet with its own. Seeing that it is its own address, PC B sends a packet back to PC A containing B's MAC address. Only then does PC A begin sending packets to B.

Figure: How ARP works


To make this easier to follow, we can illustrate it as follows:
- The request is sent to the devices on the segment, and it says: "My IP address is 192.168.1.1 and my MAC address is 00-13-02-84-E5-87. I need to send something to the host at 192.168.1.2, but I do not know where that hardware address is on my segment. Whoever has this IP address, please reply with your MAC address."
- The ARP reply provides the answer: "Hey, sender. I am the one you are looking for, with IP address 192.168.1.2; my MAC address is 0A-67-83-E1-69-00."
Once this exchange completes, the sender updates its ARP cache table and the two devices can communicate with each other.

In an internetwork: ARP operates in a more complex setting when two networks are joined through a Router C. Host A on network A wants to send a packet to host B on network B. Because broadcasts cannot pass through a router, host A treats Router C as a bridge, or intermediary (agent), for forwarding the data. Beforehand, host A already knows the IP address of Router C (the gateway address) and knows that to reach B it must go through C. All such information is held in a table called the routing table. Under this scheme a routing table is stored on every host. The routing table holds information about the gateways used to reach a given network. In the case above, for example, the table indicates that to reach LAN B traffic must go through port X of Router C, and it contains the IP address of port X. The data is transmitted in the following steps:
- Step 1: Host A sends an ARP request (broadcast) to find the MAC address of port X.
- Step 2: Router C answers, giving host A the MAC address of port X.
- Step 3: Host A sends the packet to port X of the router.
- Step 4: The router receives the packet from host A and forwards it out port Y. The packet carries the IP address of host B, so the router sends an ARP request to find host B's MAC address.

- Step 5: Host B answers, telling the router its MAC address. Once it has host B's MAC address, Router C delivers A's packet to B.
In practice, besides this routing table, the proxy ARP method is also used, in which one device takes on the task of address resolution for all the other devices. The workstations then no longer need to keep a routing table; Router C takes on that job and answers all ARP requests from all hosts.

1.3 ARP cache
The ARP cache can be thought of as a table holding a set of mappings between hardware addresses and Internet Protocol (IP) addresses. Every device on a network has its own cache. There are two ways entries are kept in the cache so that address resolution is fast:
- Static ARP cache entries. Here the address mapping must be added to the cache table manually and is kept permanently.
- Dynamic ARP cache entries. Here the IP and hardware addresses are kept in the cache by software after a previous resolution has completed. The addresses are held temporarily and later removed.
The ARP cache turns a process that could waste a lot of time into one that uses time efficiently. It does, however, come with some problems. The cache table has to be maintained. In addition, cache entries can become stale over time, so entries must be expired after some period.

2. ARP spoofing attack
ARP cache poisoning exploits the inherently insecure nature of the ARP protocol. Unlike other protocols, such as DNS (which can be configured to accept only fairly secure dynamic updates), devices using the Address Resolution Protocol (ARP) accept updates at any time. This means that any device can send an ARP reply to another machine and that machine will immediately update its ARP cache table with the new value. Sending an ARP reply when no request was made is called sending a gratuitous ARP. When these gratuitous ARP replies reach the machines that sent requests, the requesting machines believe they are talking to the party they were looking for, when in reality they are communicating with an attacker.

Figure: ARP cache poisoning attack model intervening in the network
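The frame layout from 1.2 and the unsolicited-reply behaviour described in section 2, as an added example that is not part of the original report: a passive monitor that parses RFC 826 ARP frames and raises the kind of alert a tool such as xARP would, going one step further by also flagging a changed IP-to-MAC binding. The ArpMonitor class, the frames, and the host at DE-AD-BE-EF-00-01 are all constructed for this illustration.

```python
# Passive ARP monitor: an added example, not code from the report. It parses
# RFC 826 ARP-over-Ethernet frames and flags the two symptoms of poisoning:
# a reply nobody requested, and an IP whose MAC binding changes.
import struct

ETH_TYPE_ARP, OP_REQUEST, OP_REPLY = 0x0806, 1, 2
mac_str = lambda b: "-".join(f"{x:02X}" for x in b)
ip_str = lambda b: ".".join(str(x) for x in b)
mac_bytes = lambda s: bytes(int(x, 16) for x in s.split("-"))
ip_bytes = lambda s: bytes(int(x) for x in s.split("."))

def parse_arp(frame):  # -> (op, sender_mac, sender_ip, target_mac, target_ip) or None
    arp = frame[14:42]
    if len(frame) < 42 or frame[12:14] != b"\x08\x06" or struct.unpack("!HHBB", arp[:6]) != (1, 0x0800, 6, 4):
        return None  # not an Ethernet/IPv4 ARP frame
    return (struct.unpack("!H", arp[6:8])[0], mac_str(arp[8:14]), ip_str(arp[14:18]),
            mac_str(arp[18:24]), ip_str(arp[24:28]))

def build_arp(op, smac, sip, tmac, tip):  # constructs a sample frame (test data only)
    dst = b"\xff" * 6 if op == OP_REQUEST else mac_bytes(tmac)
    hdr = struct.pack("!HHHBBH", ETH_TYPE_ARP, 1, 0x0800, 6, 4, op)
    return dst + mac_bytes(smac) + hdr + mac_bytes(smac) + ip_bytes(sip) + mac_bytes(tmac) + ip_bytes(tip)

class ArpMonitor:
    def __init__(self):
        self.pending, self.bindings, self.alerts = set(), {}, []
    def observe(self, frame):
        parsed = parse_arp(frame)
        if not parsed:
            return
        op, smac, sip, _tmac, tip = parsed
        if op == OP_REQUEST:
            self.pending.add(tip)      # a host is waiting for tip's MAC
        elif op == OP_REPLY:
            if sip in self.pending:    # answers an outstanding request
                self.pending.discard(sip)
            else:                      # unsolicited: poisoning, or a host announcing itself
                self.alerts.append(f"unsolicited reply: {sip} is-at {smac}")
            old = self.bindings.get(sip)
            if old and old != smac:    # the victim's cache entry would now be overwritten
                self.alerts.append(f"binding change: {sip} {old} -> {smac}")
            self.bindings[sip] = smac

def run_sample():  # constructed trace with the report's addresses; the attacker MAC is made up
    mon = ArpMonitor()
    mon.observe(build_arp(OP_REQUEST, "00-13-02-84-E5-87", "192.168.1.1", "00-00-00-00-00-00", "192.168.1.2"))
    mon.observe(build_arp(OP_REPLY, "0A-67-83-E1-69-00", "192.168.1.2", "00-13-02-84-E5-87", "192.168.1.1"))
    mon.observe(build_arp(OP_REPLY, "DE-AD-BE-EF-00-01", "192.168.1.2", "00-13-02-84-E5-87", "192.168.1.1"))
    return mon.alerts
```

On a real segment you would feed captured frames (from a raw socket or a pcap file) to observe() instead of the constructed ones. A host announcing its own address at boot also produces an unsolicited reply, so that alert is only conclusive when paired with a binding change for an address that was already cached.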


III - Simulating an ARP cache poisoning attack using Cain & Abel


Our group used the fairly popular security tool called Cain & Abel from Oxid.it. Cain & Abel does a great deal beyond ARP cache poisoning and is a very useful tool. Installing it is quite simple, but one thing to note is that all antivirus programs on the machine should be turned off when installing Cain & Abel.

Figure: Cain & Abel program icon
When you first open Cain & Abel, you will see a row of tabs across the top of the window. For the purposes of this report we work in the Sniffer tab. Clicking this tab shows an empty table. To fill it, you need to activate the sniffer scanner so that it scans the machines on your LAN. First, click the second icon on the toolbar, the green one shaped like a network card. The first time you do this, you are asked to choose the interface you want to sniff. The interface must be the network card on which you will carry out the ARP cache poisoning. After choosing the interface, click OK to activate Cain & Abel's built-in sniffer. At this point the network-card icon on the toolbar should appear pressed down; if it does not, press it. To build a list of the machines currently on your network, click the icon shaped like a plus sign (+) on the main toolbar and click OK.

The empty grid will now be filled with a list of all the devices on your LAN, along with their MAC addresses, IP addresses and other identifying information. This is the list you will work from when setting up the ARP cache poisoning. At the bottom of the program window you will see a row of tabs that take you to other windows under the Sniffer heading. Now that you have built your list of devices, your next task is to work in the APR tab. Switch to the APR window by clicking the yellow button at the bottom.

Figure: The Sniffer tab
In the APR window you will see two empty tables: one in the upper half and one in the lower half. Once set up, the upper table shows the devices involved in the ARP cache poisoning and the lower table shows all communication between the poisoned machines. Continue setting up the ARP poisoning by clicking the icon shaped like a plus sign (+) on the program's standard toolbar. The window that appears has two columns side by side. On the left you will see a list of all the devices available on the network. Click the IP address of one of the victims, and the right-hand window shows a list of all the hosts on the network except the IP address just chosen. In the right-hand window, click the IP address of the other victim and click OK.


Figure: Selecting the two hosts to be poisoned
The IP addresses of both devices are now listed in the upper table of the main application window. To complete the process, click the radiation symbol (yellow and black) on the standard toolbar. This activates Cain & Abel's ARP cache poisoning features and lets your analysis system eavesdrop on all communication between the two victims.

Figure: The program while poisoning is in progress



IV - Countermeasures


Building is always harder than breaking, so when we study ARP cache poisoning from the defender's point of view we are at a slight disadvantage. The ARP process runs in the background, so there is very little opportunity to control it directly. There is no single definitive solution, but if we are worried about ARP cache poisoning in our network there are still measures that defend against this kind of attack.

1. Hardening the LAN
ARP cache poisoning is an attack technique that only works when trying to intercept traffic between two devices on the same LAN, so the attacker can only carry it out from inside your network. The only reasons to worry about it are whether an internal device on your network has been compromised, whether a trusted user has malicious intent, or whether someone could gain access to the network, for example by plugging an untrusted device into it or by somehow obtaining the password for the wifi network. Although we usually focus all of our security effort on the network perimeter, defending against threats from within, and keeping a good internal security posture, can help remove the fear of the attack discussed here.

2. Hard-coding the ARP cache
One way to protect against the inherent insecurity of ARP requests and replies is to make the process less dynamic. This is an option because Windows machines let you add static entries to the ARP cache. You can view a Windows machine's ARP cache by opening a command prompt and typing arp -a. Entries can be added to this list with the command arp -s <IP ADDRESS> <MAC ADDRESS>.


In cases where your network configuration rarely changes, you can build a list of static ARP entries and deploy them to the clients through an automated script. This ensures the devices always rely on their local ARP cache instead of ARP requests and replies.

3. Monitoring the network's ARP traffic with third-party programs
The last option for defending against ARP cache poisoning is a reactive approach that involves monitoring the network traffic of the devices. You can do this with some intrusion detection systems (such as Snort) or with utilities designed specifically for this purpose (such as xARP). This can be feasible when you only care about one particular device, but it remains fairly cumbersome and awkward when dealing with an entire network segment.
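A way to verify that the static-entry countermeasure from subsection 2 is actually in place on a client, and to spot the signature that subsection 3's monitoring tools look for (one MAC answering for several IPs), written here as an added example and not taken from the report: it parses the output of the arp -a command the report mentions and compares it with the entries you intend to pin. BASELINE, SAMPLE and the MAC de-ad-be-ef-00-01 are constructed; the check function and its finding labels are this example's own.

```python
# Added example (not the report's own code): parse Windows "arp -a" output,
# compare it with the entries you intend to pin, and report poisoning
# signatures. SAMPLE and the attacker MAC de-ad-be-ef-00-01 are constructed.
import re

# Hosts whose MAC you have verified (addresses from the report's ARP walkthrough).
BASELINE = {"192.168.1.1": "00-13-02-84-e5-87", "192.168.1.2": "0a-67-83-e1-69-00"}
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$", re.I)

def parse_arp_a(text):
    """Return {ip: (mac, type)} from 'arp -a' output; interface and header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return table

def check(table, baseline=BASELINE):
    """Compare the live cache with the baseline and return a list of findings."""
    findings = []
    for ip, mac in baseline.items():
        if ip not in table:
            continue                       # not cached yet, nothing to judge
        live_mac, kind = table[ip]
        if live_mac != mac:
            findings.append(f"MISMATCH {ip}: cache says {live_mac}, baseline {mac}")
        elif kind == "dynamic":            # correct today, but still overwritable by any reply
            findings.append(f"NOT PINNED {ip}: still dynamic, run: arp -s {ip} {mac}")
    by_mac = {}
    for ip, (live_mac, _) in table.items():
        if not live_mac.startswith(("ff-", "01-00-5e")):   # skip broadcast/multicast rows
            by_mac.setdefault(live_mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:                   # one NIC answering for several IPs
            findings.append(f"DUPLICATE {mac} claims {', '.join(sorted(ips))}")
    return findings

SAMPLE = """Interface: 192.168.1.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-13-02-84-e5-87     dynamic
  192.168.1.2           de-ad-be-ef-00-01     dynamic
  192.168.1.7           de-ad-be-ef-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    for finding in check(parse_arp_a(SAMPLE)):
        print(finding)
```

On a Windows host, replace SAMPLE with the text returned by running arp -a (for example via subprocess) and run the arp -s commands from the NOT PINNED findings in an elevated prompt; a MISMATCH or DUPLICATE finding is the point at which the poisoning described in section III has already taken effect.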

V - Conclusion
ARP cache poisoning is a very effective trick in the world of passive man-in-the-middle attackers because it is very simple yet effective. ARP cache poisoning remains a very real threat on modern networks, both hard to detect and hard to counter.
