
Network Security 15-6



Lesson 1: WLAN security methods

As the cost of building a WLAN falls, more and more companies are deploying one. This inevitably draws attackers to attack and exploit weaknesses in networks built on the 802.11 standard. Sniffer tools let them capture the packets exchanged on the network, analyze them, and extract your sensitive information. So what do you know about WLAN security methods? Scanning software can be installed on devices as small as a smartphone, or on a laptop with a Wi-Fi adapter.

This exposes sensitive information inside the network, such as users' personal data. The security risks in a WLAN include the following.

Any device can connect to an Access Point that is broadcasting its SSID. An attacker will try to identify the encryption method used on the air, then apply the matching decryption method to recover sensitive data. A home Access Point is not secured the way an enterprise one is. To secure a WLAN you need to take the following steps.

- Only authenticated users may access the network through the Access Points.
- Encryption is applied when important information is transmitted.
- Information is protected, and security threats are reported, by IDS and IPS systems.

Authentication and data protection are achieved by encrypting the traffic on the network. The IDS acts as a monitoring device for both the wireless and the wired network, looking for and alerting on signs of attack.

Originally, IEEE 802.11 used static keys for both encryption and authentication. Such authentication is weak and can eventually be attacked. Because the keys are managed by hand and never change, this approach cannot be applied in a large enterprise.

Cisco introduced and enabled IEEE 802.1x as the authentication protocol, with dynamic keys, including the 802.1x Extensible Authentication Protocol (EAP). Cisco also introduced a countermeasure against attacks by hashing a Per-Packet Key (PPK) and adding a Message Integrity Check (MIC). These are known as the Cisco Key Integrity Protocol (CKIP) and the Cisco Message Integrity Check (CMIC).

The 802.11 standards bodies then began upgrading WLAN security. The Wi-Fi Alliance introduced WPA (Wi-Fi Protected Access), a subset of the 802.11i WLAN security standard, which uses 802.1x for authentication and for keying the data encryption. WPA is used for user authentication, MIC, the Temporal Key Integrity Protocol (TKIP) and dynamic keys. It is similar to Cisco's method but implemented slightly differently. WPA also provides a passphrase or pre-shared key for user authentication in home deployments, which is not used in enterprise deployments.

Today IEEE 802.11i has been upgraded with the Advanced Encryption Standard (AES) replacing WEP, the newest and strongest method for encrypting data. A wireless IDS now plays the role of detecting attacks and protecting the WLAN. The Wi-Fi Alliance's implementation of 802.11i is known as WPA2.

Access Points broadcast one or more SSIDs, the supported data rates and some other information. Wi-Fi devices can scan every channel and try to join any network they discover from the Access Points. A client usually connects to the Access Point with the strongest signal; if the signal weakens, the client scans for another Access Point (roaming). During association the SSID, the MAC address and the security settings are sent from the client to the Access Point and checked by it.

Users are authenticated through 802.1x, so 802.1x / EAP support is required on the WLAN client. The Access Point can act as the authentication server itself, forward the authentication to a RADIUS server, or work with Cisco Secure ACS. A Lightweight Access Point talks to a WLAN controller, which acts as the authentication server for the users. The client and the authentication server both implement the chosen EAP method; the EAP messages are relayed by the Access Point to the authentication server.

Once the WLAN client is authenticated, data is encrypted before it is transmitted. The original encryption, starting with WEP, is based on the RC4 algorithm. TKIP still uses RC4 but strengthens it with a longer key and a per-packet key (PPK). AES replaced RC4 with a stronger algorithm. WPA uses TKIP, while WPA2 uses AES (TKIP is permitted only for compatibility with older clients).

Different kinds of WLAN need different protection. For public hotspots, encryption is not required; only user authentication is needed. For a home WLAN, WPA with a passphrase or pre-shared key is the recommended protection. For enterprises, the strongest option is 802.1x EAP for authentication and TKIP or AES for encryption, following WPA or WPA2 and 802.11i security.

Securing a WLAN is much like securing any other network. Security must be applied in several layers, and intrusion detection devices must be deployed. Restrict access to the minimum rights the users actually need. Shared data must require authentication before it can be accessed. Transmitted data must be encrypted. An attacker can attack an unsecured WLAN at any time; you need a sound deployment plan.

Estimate the security risks and the level of security that must be applied. Evaluate all communication that crosses the WLAN and the security methods to apply to it. Evaluate the tools and the options available when designing and deploying the WLAN.

According to VNE Research Department

Comparison of security methods based on authentication

I. WEP (Wired Equivalent Privacy)

WEP is a security algorithm intended to protect the exchange of information against eavesdropping, against unauthorized connections to the network, and against modification or corruption of transmitted data. WEP uses the RC4 stream cipher with a 40-bit key and a 24-bit random number (the initialization vector, IV) to encrypt data. The ciphertext is produced by XORing the keystream with the plaintext. The ciphertext and the IV are sent to the receiver, which decrypts using the IV and the WEP key it already knows. The encryption process is shown in Figure 1.
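The encryption step of Figure 1, written out as an added example (this code is not from the original article; the key, IV and plaintexts are constructed). It also exercises the two weaknesses listed below it: reusing a 24-bit IV reuses the RC4 keystream, so one known plaintext strips every other frame sent under that IV, and because the ICV is a linear CRC-32 an attacker can flip bits in a frame and fix the encrypted ICV without knowing the key.

```python
"""Added example (not from the original article): WEP as described above, and why
IV reuse and a linear ICV break it. Key, IV and plaintexts are constructed."""
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(data: bytes) -> bytes:
    # WEP's integrity check value is a plain CRC-32, carried little-endian.
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key40: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Figure 1: per-packet key = IV || shared key; frame = IV || RC4(plaintext || ICV)."""
    assert len(key40) == 5 and len(iv) == 3, "40-bit WEP key, 24-bit IV"
    body = plaintext + _icv(plaintext)
    ks = rc4(iv + key40, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, ks))


def wep_decrypt(key40: bytes, frame: bytes) -> bytes:
    """Reverse of wep_encrypt; raises ValueError when the ICV does not match."""
    iv, ct = frame[:3], frame[3:]
    ks = rc4(iv + key40, len(ct))
    body = bytes(c ^ k for c, k in zip(ct, ks))
    plaintext, icv = body[:-4], body[-4:]
    if _icv(plaintext) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def recover_with_reused_iv(known_frame: bytes, known_plaintext: bytes,
                           target_frame: bytes) -> bytes:
    """Weakness 1: two frames under one IV share a keystream. Knowing one plaintext
    yields the keystream, which strips the other frame without the WEP key."""
    assert known_frame[:3] == target_frame[:3], "IVs differ: no keystream reuse"
    known_body = known_plaintext + _icv(known_plaintext)
    keystream = bytes(c ^ b for c, b in zip(known_frame[3:], known_body))
    target_ct = target_frame[3:]
    n = min(len(keystream), len(target_ct))
    body = bytes(c ^ k for c, k in zip(target_ct[:n], keystream[:n]))
    # Strip the ICV only when the whole target frame was covered by the keystream.
    return body[:-4] if n == len(target_ct) else body


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Weakness 2: CRC-32 is linear, so XORing `delta` into the ciphertext and
    crc(delta) ^ crc(zeros) into the encrypted ICV gives a frame that still verifies."""
    iv, ct = frame[:3], frame[3:]
    pt_len = len(ct) - 4
    assert len(delta) == pt_len, "delta must cover the plaintext exactly"
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(pt_len))).to_bytes(4, "little")
    patch = delta + icv_delta
    return iv + bytes(c ^ p for c, p in zip(ct, patch))


# Constructed demo values: any 5-byte key and 3-byte IV behave the same way.
KEY = b"\x01\x02\x03\x04\x05"
IV = b"\x00\x00\x2a"
KNOWN = b"known plaintext frame 01"
SECRET = b"secret password: hunter2"
FRAME_KNOWN = wep_encrypt(KEY, IV, KNOWN)
FRAME_SECRET = wep_encrypt(KEY, IV, SECRET)  # same IV reused: the flaw


def demo() -> dict:
    """Return the three results a reader would want to check."""
    recovered = recover_with_reused_iv(FRAME_KNOWN, KNOWN, FRAME_SECRET)
    wanted = b"secret password: hunter3"
    delta = bytes(a ^ b for a, b in zip(SECRET, wanted))
    forged = wep_decrypt(KEY, flip_bits(FRAME_SECRET, delta))  # no ICV error raised
    return {"roundtrip": wep_decrypt(KEY, FRAME_SECRET),
            "recovered": recovered, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs and a 24-bit counter that many cards reset on every reboot, a busy AP repeats an IV within hours, which is why the attacker needs nothing more than patience and a known plaintext (DHCP, ARP and HTTP headers supply plenty).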

Figure 1: WEP encryption diagram.

WEP security weaknesses:
+ WEP uses a fixed key shared between an Access Point (AP) and many users, together with a random 24-bit IV. The same IV is therefore reused many times. By collecting enough transmitted traffic, an attacker obtains the information needed to break the WEP key in use.
+ Once the WEP key is known, the attacker can decrypt the traffic and can also modify its content. WEP therefore guarantees neither confidentiality nor integrity.
+ A fixed key chosen by the user and rarely changed (that is, the WEP key is never rotated automatically) makes WEP very easy to attack.
+ WEP lets the AP authenticate the user (the supplicant), but gives the user no way to verify that the AP is genuine. In other words, WEP provides no mutual authentication.

II. WPA (Wi-Fi Protected Access)

WPA is a security solution proposed by the Wi-Fi Alliance to overcome the limitations of WEP. WPA can be deployed with nothing more than a software update (Microsoft's SP2, for example). WPA improves on three major weaknesses of WEP:
+ WPA still encrypts with RC4, but with a 128-bit key and a 48-bit IV. One improvement over WEP is the TKIP protocol (Temporal Key Integrity Protocol), which changes the key used between the AP and the user automatically during the exchange. Specifically, TKIP combines a 128-bit temporal key with the MAC address of the user's host and the IV to produce the encryption key, and that key is changed after 10,000 packets have been exchanged.
+ WPA uses 802.1x/EAP to provide mutual authentication and so defend against man-in-the-middle attacks. WPA authentication relies on an authentication server, also known as RADIUS/DIAMETER. The RADIUS server authenticates users on the network and defines each user's connection rights. In a small Wi-Fi network (a company or a school), however, a server is sometimes unnecessary and the WPA-PSK (pre-shared key) variant can be used instead. The idea of WPA-PSK is a single password (the Master Key) shared by the AP and the client devices. Authentication information between the user and the server is exchanged over EAP (Extensible Authentication Protocol).
An EAP session is created between the user and the server to exchange information about the identity of the user and of the network. During this exchange the AP acts as an EAP proxy, relaying messages between the server and the user. The authentication messages exchanged are shown in Figure 2.
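The WPA-PSK "Master Key" mentioned above is not the passphrase itself: both the AP and every client derive the 256-bit Pairwise Master Key from the passphrase and the SSID, and because that derivation is public, anyone who captured the association can test candidate passphrases offline. This added example (not code from the original article) shows the derivation against the published IEEE 802.11i test vector and a dictionary attack over a constructed wordlist.

```python
"""Added example (not from the original article): how a WPA-PSK passphrase becomes
the 256-bit Master Key (PMK) shared by AP and clients, and why a guessable
passphrase is broken offline. The wordlist below is constructed."""
import hashlib
import hmac
from typing import Iterable, Optional


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def crack_pmk(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: nothing is sent on the air. The attacker needs only
    the SSID (broadcast in beacons) and a captured handshake to test each candidate;
    4096 PBKDF2 rounds slow each guess down but do not stop a short wordlist."""
    for candidate in wordlist:
        try:
            pmk = wpa_psk_pmk(candidate, ssid)
        except ValueError:  # too short or too long to be a valid passphrase
            continue
        if hmac.compare_digest(pmk, target_pmk):
            return candidate
    return None


# Published IEEE 802.11i test vector (Annex H): passphrase "password", SSID "IEEE".
IEEE_TEST_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
)
# Constructed wordlist for the demo.
CONSTRUCTED_WORDLIST = ["letmein1", "qwerty123", "password", "hunter22"]


if __name__ == "__main__":
    print(wpa_psk_pmk("password", "IEEE").hex())
    print(crack_pmk(IEEE_TEST_PMK, "IEEE", CONSTRUCTED_WORDLIST))
```

Because every client holds the same PMK, the "one member leaves, everyone rekeys" problem noted in the WPA weaknesses below follows directly from this derivation; in the enterprise mode each user gets a different PMK from the 802.1x/EAP exchange instead.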

Figure 2: Messages exchanged during authentication.

+ WPA uses a MIC (Michael Message Integrity Check) to strengthen the integrity of transmitted data. The MIC is a 64-bit value computed with the Michael algorithm; it is carried in the TKIP packet and lets the receiver check whether the data was corrupted in transit or altered by an attacker.

In short, WPA was built to fix the limitations of WEP and therefore has clear advantages over it. First, it uses a dynamic key that changes automatically thanks to TKIP; the key depends on the user, on the temporary session and on the number of packets sent. Second, WPA can tell whether data was altered in transit thanks to the MIC. Third, and most notably, it allows mutual authentication through the 802.1x protocol.

Weaknesses of WPA

The first weakness of WPA is that it still does not solve denial-of-service (DoS) attacks [5]. An attacker can disrupt a WPA Wi-Fi network by sending frames with a wrong key (frames that fail the MIC check) at a rate of at least two per second. The AP then assumes an attacker is targeting the network and, to conserve network resources, drops all connections for one minute (the TKIP countermeasure is triggered by two MIC failures within 60 seconds). Continued injection of such frames therefore disrupts the network and keeps authorized users from connecting.

WPA also still uses the RC4 algorithm, which can be broken by the FMS attack (Fluhrer, Mantin and Shamir) [6]. RC4 contains weak keys, and those weak keys allow the encryption key to be recovered; to find them one only needs to collect enough traffic from the wireless channel. Note that TKIP's per-packet key mixing was designed precisely to avoid the weak-key classes exploited by FMS, so in practice this attack recovers WEP keys rather than TKIP keys.

WPA-PSK is a weaker variant of WPA that suffers from the management of the password (shared secret) among many users: when one member of the group (of the company) leaves, a new password/secret must be set up for everyone.

III. Strengthening security with 802.11i (WPA2)

The 802.11i standard was ratified on 24 June 2004 to strengthen Wi-Fi security. 802.11i carries all the features of WPA, and the set of 802.11i protocols is also known as WPA2. However, 802.11i uses the AES (Advanced Encryption Standard) cipher instead of the RC4 used in WPA.
AES keys are 128, 192 or 256 bits long. The algorithm, however, demands considerable computing power, so 802.11i cannot be deployed with a simple software update and needs a dedicated chip. Many manufacturers anticipated this, so almost all Wi-Fi card chipsets from early 2004 onward support the features of 802.11i.

Lesson 2: DDoS attacks

This lesson describes bot networks in detail, the types of bots, and how a botnet is built. Once you understand botnets you can picture how a DDoS attack works, the specific DDoS techniques, and how they are carried out. These articles are meant only to deepen your understanding of DDoS; the tools mentioned are introduced for illustration only and are old DDoS tools.

Botnets

1. Why a BOT network matters
- Running a DoS tool against a server sometimes has no effect on it at all.
- Suppose you run Ping of Death against a server connected at 100 Mbps while you are connected at 3 Mbps: your attack means nothing.
- Now imagine 1,000 people like you attacking that server at the same time. Their combined bandwidth reaches up to 3 Gbps against the server's 100 Mbps link; you can imagine the result.
- But how do you get 1,000 machines connected to the network? Buy a thousand computers and 1,000 subscriptions? Certainly not, and no attacker does that either.
- The attacker builds a network of thousands of Internet-connected machines (botnets of up to 400,000 machines have been seen). How can they take advantage of other Internet users to build a BOT network? This article introduces bot networks, how they are built, and the tools used to build them.
- With a botnet in hand, the attacker uses simple attack tools against a target system. Using perfectly legitimate requests, all of the bots use one service of the server at the same time; imagine an attacker with 400,000 machines ordering all of them to download one file from your website at once.
That is DDoS: Distributed Denial of Service.
- There is no way to defend completely against DDoS, but this article also introduces defensive methods, once we understand how it works.

2. BOT networks
- BOT is short for RoBOT.
- An IRCbot is also called a zombie or a drone.
- Internet Relay Chat (IRC) is a form of real-time data transfer over the Internet. It is designed so that one person can talk to a group, and different groups communicate on separate channels.
- First the BOT connects to an IRC channel on an IRC server and waits among the other participants for commands.
- The attacker can control the BOT network and use it for whatever purpose they choose.
- Many BOTs connected together are called a BOTNET.

3. Botnets
- A botnet consists of many computers.
- It is used for DDoS attacks.
- A small botnet might contain only 1,000 machines, but if each of them is connected to the Internet at just 128 Kbps, the botnet can generate 1000 × 128 Kbps, about 128 Mbps, which is more bandwidth than most hosting providers allocate to a single website.

4. What botnets are used for
- Distributed Denial-of-Service (DDoS)
+ Botnets are used for DDoS attacks.
- Spamming
+ Opening a SOCKS v4/v5 proxy server for spamming.
- Sniffing traffic
+ A bot can also sniff packets (capture the traffic on the network), then try to decode them and extract valuable content such as bank account details and other user data.
- Keylogging
+ With the help of a keylogger, a great deal of sensitive user data can be harvested by the attacker, such as e-banking credentials and many other accounts.
- Installing and spreading malware
+ A botnet can be used to build new bot networks.
- Installing pop-up advertising
+ Automatically opening advertisements the user does not want.
- Google AdSense abuse
+ Automatically altering the results shown whenever the user searches with Google, tricking the user into clicking dangerous sites.
- Attacking IRC chat networks
+ Known as a clone attack.
- Phishing
+ Botnets are also used to send phishing mail to harvest users' sensitive information.
5.
Bot families

Agobot/Phatbot/Forbot/XtremBot
- These are cross-platform bots written in C++ whose source was released under the GPL. Agobot was written by "Ago", also known as Wonk, a young German arrested in May 2004 on computer crime charges.
- Agobot can use NTFS Alternate Data Streams (ADS) and behaves like a rootkit to hide its running processes on the system.

SDBot/Rbot/UrBot/UrXbot
- SDBot is written in C and was also published under the GPL. It is regarded as the ancestor of Rbot, RxBot, UrBot, UrXBot and JrBot.

mIRC-based bots (GT-Bots)
- GT stands for Global Threat, the name commonly used for all mIRC-scripted bots. They use the mIRC chat client with a set of scripts and other code.

6. Steps to build a botnet, and how to analyze a bot
To understand how a botnet is built, we look at how a machine is infected, how a bot network is formed, and how that network is used to attack a target, using a botnet built from Agobot.

Step 1: Infecting a machine
- First the attacker tricks the user into running "chess.exe". An Agobot usually copies itself into the system and adds Registry entries to make sure it starts together with the system.
The Registry locations for applications that run at startup are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Step 2: Spreading and building the BOTNET
- Once one machine on the network is infected with Agobot, it automatically looks for other machines on the network and infects them using weaknesses in the network's shared resources.
- They usually try to connect to the default administrative shares, for example C$, D$, E$ and print$, by guessing usernames and passwords to get into another system and infect it.
- Agobot spreads very quickly because it exploits weaknesses in Windows, in applications and in the services running on the system.

Step 3: Connecting to IRC
- Agobot next creates an IRC-controlled backdoor with the required components and connects to the botnet through the IRC control channel. Once connected it opens the necessary services on demand, and is controlled by the attacker over the IRC channel.

Step 4: Directing attacks from the botnet
- The attacker orders the machines in the Agobot network to download .exe files and run them.
- Collect all the system information the attacker wants.
- Run other files on the system as the attacker requires.
- Run DDoS programs against other systems.

7. Diagram of how a system is infected and used by Agobot.
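A triage check for Step 1 above, as an added example (not code from the original article): export the Run and RunServices keys with regedit and feed the .reg file to this parser, which flags autorun entries whose executable lives outside the Windows and Program Files trees or in a temporary directory. The registry export below is a constructed sample, not a real capture, and the chess.exe entry mirrors the Agobot lure named above.

```python
"""Added example (not from the original article): a triage check for Step 1 above,
auditing the Run / RunServices keys an Agobot writes. The registry export is a
constructed sample (the text a regedit Export produces), not a real capture."""
import re
from typing import List, Tuple

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"chess"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\chess.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"update"="\"C:\\Documents and Settings\\user\\Application Data\\upd\\wupdate.exe\" /s"
"""

# Keys that start programs at boot or logon (compared case-insensitively).
AUTORUN_KEYS = ("\\run", "\\runonce", "\\runservices")
# Roots where a legitimately installed autorun binary is expected to live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

Finding = Tuple[str, str, str, str]  # (key, value name, executable path, reasons)


def _unescape(data: str) -> str:
    # .reg syntax escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", data)


def _exe_path(command: str) -> str:
    """Pull the executable out of a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.*?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def parse_reg_export(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, value data) for every string value in the export."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            entries.append((key, m.group("name"), _unescape(m.group("data"))))
    return entries


def audit_autoruns(text: str) -> List[Finding]:
    """Flag autorun entries that an Agobot-style dropper would create."""
    findings: List[Finding] = []
    for key, name, data in parse_reg_export(text):
        if not key.lower().endswith(AUTORUN_KEYS):
            continue
        path = _exe_path(data)
        low = path.lower()
        reasons = []
        if not low.startswith(TRUSTED_ROOTS):
            reasons.append("executable outside Windows/Program Files")
        if "\\temp\\" in low or "\\tmp\\" in low:
            reasons.append("runs from a temporary directory")
        if reasons:
            findings.append((key, name, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit_autoruns(SAMPLE_REG_EXPORT):
        print(finding)
```

Path heuristics only narrow the list; confirm each hit by hashing the binary and checking its signature, since a bot that copies itself into system32 (as Agobot does) passes the root check and must be caught by the file checks instead.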

VII. DDoS attack tools

1. Nuclear Bot
- Nuclear Bot is a powerful "Multi Advanced IRC BOT" that can be used for floods, managing, utilities, spreading, IRC-related tasks, DDoS attacks and many other purposes.

VIII. DDoS attacks

1. On the Internet, a Distributed Denial of Service attack is an attack from many computers against one target that causes legitimate requests from ordinary users to be refused. By generating an enormous number of packets toward a specific target, it can produce a state similar to the system being shut down.

2. Characteristics of DDoS attacks
- The attack is launched from a very large set of computers on the Internet and usually relies on services available on the machines in the botnet.
- The target of the attack is the "primary victim", while the compromised computers in the bot network that are used to attack it are usually called "secondary victims".
- It is a very hard attack to detect because it originates from many IP addresses on the Internet.
- If one IP address attacks a company, it can be blocked by the firewall. If the attack comes from 30,000 IP addresses, that becomes extremely difficult.
- An attacker can cause a lot of damage with a DoS attack, and it is far more dangerous when they use a bot network on the Internet to perform it; that is a DDoS attack.

3. DDoS attacks cannot be prevented completely
- DDoS attacks start by finding security holes on Internet-connected computers and exploiting them to build a botnet of many Internet-connected machines.
- Once a DDoS attack is under way it is very hard to stop completely.
- The firewall can block packets, but most of them come from IP addresses that are not yet in the firewall's access rules, and they are perfectly valid packets.
- If the source address of a packet can be spoofed, then once you receive no reply from the real source addresses you have to block communication with those sources.
- A botnet, however, consists of thousands to several hundred thousand IP addresses on the Internet, which makes stopping the attack extremely hard.

4. The smart attacker
Today no attacker uses their own IP address to control the botnet and attack the target; they use an intermediary. The DDoS attack models are:
a. Agent-Handler model: the attacker uses handlers to direct the attack.

b. IRC-based DDoS: the attacker uses IRC networks to control, amplify and manage the connections to the computers in the botnet.

IX. Classification of DDoS attacks
- Attacks that exhaust the bandwidth to the server:
+ Flood attacks
+ UDP and ICMP floods
- Attacks that amplify traffic:
+ Smurf and Fraggle attacks

The 2000 DDoS attack on Yahoo.com

DDoS classification diagram.

Diagram of an amplification DDoS attack. As you know, a Smurf attack sends pings to the broadcast address of some network with the source address set to the address of the victim; every reply from that network is then delivered to the victim's IP address.

X. Reflective DNS attacks

a. Issues around reflective DNS attacks
- An attacker can use a botnet to send a huge number of requests to DNS servers.
- Those requests flood the network bandwidth of the DNS servers.
- To defend against this kind of attack, a firewall can be used to block traffic from the machines that have been identified.
- But blocking traffic from DNS servers causes big problems: a DNS server has a very important job on the Internet.
- Blocking DNS traffic means ordinary users can no longer send mail or reach websites.
- A DNS request is tiny compared with the reply it triggers from the server (the article gives a ratio of about 1:73). Relying on this, a professional tool that multiplies the requests to a DNS server will overload it so that it can no longer serve ordinary users.

b. ihateperl.pl, a reflective DNS attack tool
- ihateperl.pl is a very small and very effective program based on the DNS-reflective attack.
- It uses a list of DNS servers to flood the network with name resolution requests.
- In the example it sends a resolution request for google.com to the servers; the domain can be changed to www.vnexperts.net or any other site the attacker wants.
- Using the tool is simple: create a list of DNS servers, pass the IP address of the victim, and set the number of requests.

XI. Tools used for DDoS attacks
Nearly all of the tools introduced in this article are old and ineffective; they are presented only for teaching purposes, so that you understand DDoS attacks better. The DDoS tools are: Trinoo, Tribe Flood Network (TFN), TFN2K, Stacheldraht, Shaft, Trinity, Knight, Mstream and Kaiten. These tools can all be downloaded free from the Internet, but remember that they are weak tools and serve only to demonstrate DDoS attacks.

Denial of service attacks: DDoS

Distributed denial of service (DDoS) will always be a top threat to information technology systems worldwide. Technically, we can almost only hope that the attacker uses well-known tools and has a poor understanding of the protocols, so that the traffic behind the attack can be recognized and filtered out. Every expert admits that if a DDoS is carried out by a skilled attacker, prevention is impossible. Four years ago the mainstream hacker community declared this attack technique dead and stopped all research, demonstration and tool release around it, because they themselves saw how dangerous and unfair this kind of attack is. With a network infrastructure and an e-commerce sector that have only just taken shape, DDoS is a serious danger to the Vietnamese Internet.

A denial of service (DoS) attack is an attack on a network system that prevents access to a service such as Web or Email. A DoS attack breaks a network service by flooding it with connections, overloading the server or the programs running on it, exhausting the server's resources, or otherwise blocking legitimate users from reaching the service.

There are many ways to carry out denial of service attacks, and therefore many ways to classify them. A common classification is by the protocol used: ICMP floods such as Smurf and Ping of Death; exploiting weaknesses in the operation and packet fragmentation of TCP with SYN flood, LAND attacks and TearDrop; or application-layer attacks such as Flash Crowds (also called X-flash). Classified by method, DoS can be carried out with a few individual packets sent straight at the server to disrupt it (as with the Slammer worm), or triggered from many sources (distributed denial of service, DDoS). The attack can be carried out over the Internet (using web servers directly), broadcast from inside the network (insider attacks, as with the Blaster worm), on peer-to-peer networks (P2P index poisoning) or on wireless networks (a WLAN authentication rejection attack with a spoofed sender).
These classifications, however, look mainly at where the attack originates and therefore do not give a systematic view of the defences. In general, an organization should consider the following when dealing with DoS threats:

1. Guard against application vulnerabilities
Weaknesses in each application, and bugs in application code that can be exploited to cause buffer overflows, can make the service or application stop. Such bugs are mostly found in applications running on the currently dominant operating system, Windows, and in web servers, DNS and SQL databases. Applying patches is one of the most important requirements for preventing application vulnerabilities. Until every machine can be patched, the system must be protected with virtual patches. The system must also scrutinize the content exchanged between client and server, so that the server is not attacked through indirect components, as with SQL injection.

2. Prevent zombie recruitment
Zombies (also called daemons, slaves or agents) are hosts that are co-opted into generating the attack. Typical cases are rootkits (software activated at every boot, even before the operating system has finished starting; a rootkit can hide a file, a process or a user account from the operating system and can intercept data from terminals, from network connections and from the keyboard), active content attached to email or to web pages (for example JPEG files that exploit bugs in image-processing software, code attached to Flash files, trojans installed through phishing), or worm propagation (Netsky, MyDoom, Sophos). To counter this, the network needs monitoring and content filtering tools to stop attackers recruiting zombies.

3. Block the channels that launch tool-based attacks
There are many DoS tools, mainly for distributed denial of service, such as TFN and TFN2K (Tribe Flood Network), and tools that abuse the behaviour of protocols such as Smurf, UDP, SYN or ICMP floods (Trinoo for UDP floods; Stacheldraht for TCP ACK, TCP NULL, HAVOC and DNS floods, or TCP floods with random packet headers). These tools all need a channel through which the zombies are triggered against a specific target. The system needs tools to monitor and block those trigger channels.

4. Stop bandwidth attacks
When a DDoS attack is launched it is usually detected by a marked change in the bandwidth of the network. For example, a normal network may carry 80% TCP traffic and 20% UDP; a sharp change in that statistic may be the sign of a DoS attack. The Slammer worm, for instance, increases UDP traffic, while the Welchia worm creates ICMP floods. The traffic spread by these worms damages routers, firewalls and the network infrastructure. The system needs tools to monitor and shape bandwidth in order to reduce the damage of this kind of attack.

5. Stop SYN/ACK attacks
SYN flood is one of the oldest DoS attacks still in use today, and the damage it causes has not diminished. The key to preventing it is the ability to control the number of SYN/ACK requests in TCP's 3-way handshake reaching the network.

6. Detect and stop attacks on the connection limit
A server can only handle a certain number of simultaneous connections. Even a firewall (especially one with stateful inspection) keeps a state table of limited size for its connections. Most attacks create large numbers of bogus connections through spoofing. To prevent this, the system must analyze and reject spoofing and control the number of connections from any one source to the server.

7. Detect and stop attacks on the connection-setup rate
One point servers are often abused at is the limited buffer reserved for the rate of connection setup, which overloads when the number of connections changes suddenly. Here a filter that limits the number of connections plays a very important role.
Such a filter sets a connection-rate threshold for each part of the network. Within a system, the IPS is considered the most important component for dealing with denial of service attacks. DoS attacks aim mainly at the processing capacity of the network, and the network security devices are the first to be hit. The processing capacity of the IPS is therefore one of the features to watch, especially its stability when handling mixed traffic with varying packet sizes at the same time.
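Items 4 to 7 above describe checks rather than show them. This added example (not code from the original article) runs three of them over a constructed flow log: the protocol-mix drift of item 4 against the article's 80/20 TCP/UDP baseline, the half-open SYN count per source that items 5 and 6 rely on, and the per-source token bucket on connection setup that item 7 calls for. The flow records, IP addresses and thresholds are all constructed.

```python
"""Added example (not from the original article): three of the checks from items 4 to 7
above, run over a constructed flow log: protocol-mix drift (4), half-open SYNs per
source (5, 6) and a per-source token bucket on connection setup (7)."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Flow = Tuple[int, str, str, int, str]  # (time_ms, proto, src_ip, dst_port, tcp_flags)


def build_sample_flows() -> List[Flow]:
    """Constructed sample: one legitimate client, some DNS, one SYN-flooding source."""
    flows: List[Flow] = []
    for i in range(3):  # legitimate client: SYN then ACK, one handshake per second
        flows.append((i * 1000, "tcp", "10.0.0.5", 80, "S"))
        flows.append((i * 1000 + 100, "tcp", "10.0.0.5", 80, "A"))
    for i in range(2):  # background DNS
        flows.append((i * 1000, "udp", "10.0.0.7", 53, ""))
    for i in range(20):  # 20 SYNs inside one second that are never completed
        flows.append((1000 + i * 50, "tcp", "198.51.100.9", 80, "S"))
    return sorted(flows, key=lambda f: f[0])


BASELINE_MIX = {"tcp": 0.80, "udp": 0.20}  # item 4: the article's example split


def protocol_mix(flows: List[Flow]) -> Dict[str, float]:
    """Share of flows per protocol (item 4 watches this ratio, not absolute volume)."""
    counts = Counter(f[1] for f in flows)
    total = sum(counts.values())
    return {proto: n / total for proto, n in counts.items()}


def mix_deviates(observed: Dict[str, float], baseline: Dict[str, float],
                 tolerance: float = 0.10) -> bool:
    protos = set(observed) | set(baseline)
    return any(abs(observed.get(p, 0.0) - baseline.get(p, 0.0)) > tolerance for p in protos)


def half_open_per_source(flows: List[Flow]) -> Dict[str, int]:
    """Items 5/6: SYNs from a source that no later ACK from the same source completes.
    A spoofing flooder never sends the third handshake packet, so its count only grows."""
    pending: Dict[str, int] = defaultdict(int)
    for _, proto, src, _, flags in flows:
        if proto != "tcp":
            continue
        if flags == "S":
            pending[src] += 1
        elif flags == "A" and pending[src] > 0:
            pending[src] -= 1
    return {src: n for src, n in pending.items() if n > 0}


class SetupRateLimiter:
    """Item 7: token bucket per source address, kept in integer milli-tokens so the
    arithmetic is exact. rate_per_s tokens refill per second, up to `burst`."""

    def __init__(self, rate_per_s: int, burst: int):
        self.rate = rate_per_s
        self.burst_m = burst * 1000
        self.tokens: Dict[str, int] = {}
        self.last: Dict[str, int] = {}

    def allow(self, src: str, now_ms: int) -> bool:
        if src not in self.tokens:
            self.tokens[src], self.last[src] = self.burst_m, now_ms
        elapsed = now_ms - self.last[src]
        self.tokens[src] = min(self.burst_m, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now_ms
        if self.tokens[src] >= 1000:
            self.tokens[src] -= 1000
            return True
        return False


def filter_connection_setups(flows: List[Flow], rate_per_s: int = 2,
                             burst: int = 5) -> Tuple[List[Flow], List[Flow]]:
    """Apply the limiter to SYNs only; established traffic is not touched."""
    limiter = SetupRateLimiter(rate_per_s, burst)
    accepted: List[Flow] = []
    dropped: List[Flow] = []
    for f in flows:
        if f[1] == "tcp" and f[4] == "S" and not limiter.allow(f[2], f[0]):
            dropped.append(f)
        else:
            accepted.append(f)
    return accepted, dropped


if __name__ == "__main__":
    sample = build_sample_flows()
    print(protocol_mix(sample), mix_deviates(protocol_mix(sample), BASELINE_MIX))
    print(half_open_per_source(sample))
    print([len(x) for x in filter_connection_setups(sample)])
```

The limiter is deliberately keyed on the source address: it protects the setup buffer from one aggressive source, which is exactly what it cannot do against a botnet of thousands of low-rate sources, the case the article says no single filter solves. The protocol-mix check is what catches that case, since the aggregate ratio shifts even when every individual source stays under the per-source threshold.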
