Fools your enemy with MikroTik


By: Didiet Kusumadihardja, MikroTik User Meeting (MUM) 2016, Jakarta, Indonesia, 14 October 2016

Didiet Kusumadihardja - didiet@arch.web.id

About Me

Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika
2. Trainer & IT Consultant, Arch Networks

MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE


PT. Mitra Solusi Telematika

Gedung TMT 2, GF, Jl. Cilandak KKO, Jakarta


Global IT Security Incidents


Global IT Security Incident 2014

Entire Network Canceled


Global IT Security Incident 2015

Hacked for 3 years (2012 – 2015)


Global IT Security Incident 2016

500 Million Accounts

3 Billion Accounts ???

Source: Tech Times


Indonesia IT Security Incidents


Source: Akamai

Is Indonesia Safe?


Indonesia IT Security Incident 2013

polri.go.id, 2013

Deface

Motive: Fame?


Indonesia IT Security Incident 2016

Teman Ahok

DDoS Attack

Motive: Politics?


Indonesia IT Security Incident 2016

Videotron

Kebayoran Baru, Jakarta Selatan

Motive: Curiosity?


Source: Carnegie Mellon University

IT Security Trends

You don't need to be smart to hack


Hacking Tools Example

Cain & Abel, Kali Linux


Source: SCMagazine

Modern Business

Cybercrime as a Service (CaaS)


How do hackers do it?


Hacking Phases

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Source: Ethical Hacking by EC-Council


Hacking Phases (Cont’d)

1. Reconnaissance: Information Gathering
2. Scanning: OS Detail, Open Port, Version, Device Type, Application Vulnerability
3. Gaining Access: Exploit Vulnerability, Escalate Privilege
4. Maintaining Access: Backdoors, Data harvesting
5. Clearing Tracks: Delete/overwrite Event/Logs


Hacking Phase Analogy


When do we fool them?


Why at the Scanning Phase?

TELNET, SSH


Scanning Tools

SoftPerfect Network Scanner

The Dude


How to fool them?


Use a bait

Honey Pot

Hacker Bait


Web Server Example

Web Server = HTTP, HTTPS


Confuse your enemy

HTTP, HTTPS


Server Farm Network Example

Network 192.168.1.0/24:
192.168.1.2 DNS Server
192.168.1.5 Web Server
192.168.1.10 DB Server
192.168.1.15 Mail Server

Server X


Confuse your enemy

Network 192.168.1.0/24:
192.168.1.1 Fake Server 1
192.168.1.2 DNS Server
192.168.1.3 Fake Server 2
192.168.1.4 Fake Server 3
192.168.1.5 Web Server
192.168.1.6 Fake Server 4
192.168.1.7 Fake Server 5
192.168.1.8 Fake Server 6
192.168.1.9 Fake Server 7
192.168.1.10 DB Server
192.168.1.11 Fake Server 8
192.168.1.12 Fake Server 9
192.168.1.13 Fake Server 10
192.168.1.14 Fake Server 11
192.168.1.15 Mail Server


How do we do it with MikroTik?


NAT (Network Address Translation)


Fake NAT


Fake Ports at your Web Server

HTTP & HTTPS to the Legitimate Server

Other Ports to the Fake Server


Simple NAT for Web Server

INTERNET -> ROUTER (10.0.0.1) -> WEB SERVER (192.168.2.3)

NAT (Port Mapping): Chain, Action


Add Additional NAT for Bait

Web Server 192.168.2.3

Fake Server (Honey Pot) 192.168.2.4

Chain, Action


Fake Server at your Server Farm Network

Only one legitimate server

The others are fake servers


Another Example

Web Server 192.168.2.3

Fake Server (Honey Pot) 192.168.2.4

Chain, Action


Combine with a Honey Pot

KFSensor

Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes


What the Hacker Sees (NMAP)

Before / After

Nmap / Zenmap


What the Hacker Sees (SoftPerfect NetScan)

Before / After

SoftPerfect Network Scanner


I don’t want to use a HoneyPot

Step 1: Chain

Step 2: Action


What we see if someone PINGs

SRC-MAC ADDRESS, SRC-IP ADDRESS


What we see if someone runs NMAP

MikroTik LOG:

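The "Fake NAT" port mapping from the NAT slides and the logging variant from the "I don't want to use a HoneyPot" and PING/NMAP slides, written out as RouterOS commands. This is an added example, not the presenter's configuration: the addresses follow the slides (router 10.0.0.1, web server 192.168.2.3, fake server 192.168.2.4), while the WAN interface name ether1-wan, the address-list name and the log prefixes are assumptions.

```routeros
# Added example (not from the original slides). Assumed: router public IP
# 10.0.0.1, legitimate web server 192.168.2.3, honeypot 192.168.2.4,
# WAN interface ether1-wan.

/ip firewall nat
# Step 1 (chain) + Step 2 (action) for the real service: only HTTP and
# HTTPS on the public IP are port-mapped to the legitimate web server.
add chain=dstnat in-interface=ether1-wan dst-address=10.0.0.1 protocol=tcp \
    dst-port=80,443 action=dst-nat to-addresses=192.168.2.3 \
    comment="legit: HTTP/HTTPS -> web server"
# The bait: every other TCP port on the same public IP is mapped to the
# honeypot, so a port scan sees the honeypot's services, not the router.
# Rule order matters: this catch-all must sit BELOW the rule above.
add chain=dstnat in-interface=ether1-wan dst-address=10.0.0.1 protocol=tcp \
    action=dst-nat to-addresses=192.168.2.4 \
    comment="bait: all other ports -> honeypot"

# Variant without a honeypot: leave the catch-all NAT rule out. Probes to
# any port other than 80/443 then end in the router's input chain, where
# they are logged and the source address is recorded.
/ip firewall filter
# Ping: the firewall log line carries src-mac and the source IP, which is
# what the "What we see if someone PINGs" slide shows.
add chain=input in-interface=ether1-wan protocol=icmp action=log \
    log-prefix="PING"
# Port scan: a new TCP connection from the Internet to a port the router
# does not publish. Record the source for one day and log it.
add chain=input in-interface=ether1-wan protocol=tcp dst-port=!80,443 \
    connection-state=new action=add-src-to-address-list \
    address-list=scanners address-list-timeout=1d log=yes log-prefix="SCAN"
# Optional: keep recorded scanners away from the real servers. Place this
# above any accept rules in the forward chain.
add chain=forward in-interface=ether1-wan src-address-list=scanners \
    action=drop comment="drop traffic from recorded scanners"
```

The catch-all NAT rule also captures the router's own management ports on the WAN address, so manage the router from the LAN side or add an explicit exception above it.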

The Dude, Hotspot & Userman

IP Address -> MAC Address -> User ID -> Person


Use Case 1

Internet Café (WARNET)

University

Office: Insider Threat


Use Case 2

Analytics, For Fun

Learn hacking methods from hackers / script kiddies

Research

http://public.honeynet.id

Low Interaction Honeypot, High Interaction Honeypot


Thank you..

Questions?

Didiet Kusumadihardja

didiet@arch.web.id

http://didiet.arch.web.id/

https://www.facebook.com/ArchNetID/
