Fool your enemy with Mikrotik
By: Didiet Kusumadihardja
MikroTik User Meeting (MUM) 2016, Jakarta, Indonesia, 14 October 2016
Didiet Kusumadihardja - didiet@arch.web.id
Slide 2: About Me
Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika
2. Trainer & IT Consultant, Arch Networks
MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE
Slide 3: PT. Mitra Solusi Telematika
Gedung TMT 2, GF, Jl. Cilandak KKO, Jakarta
Slide 4: Global IT Security Incidents
Slide 5: Global IT Security Incident 2014
Entire network cancelled
Slide 6: Global IT Security Incident 2015
Hacked for 3 years (2012 – 2015)
Slide 7: Global IT Security Incident 2016
500 million accounts
3 billion accounts???
Source: Tech Times
Slide 8: Indonesia IT Security Incidents
Slide 9: Is Indonesia safe?
Source: Akamai
Slide 10: Indonesia IT Security Incident 2013
polri.go.id, 2013
Deface
Motive: fame?
Slide 11: Indonesia IT Security Incident 2016
Teman Ahok
DDoS attack
Motive: politics?
Slide 12: Indonesia IT Security Incident 2016
Videotron, Kebayoran Baru, Jakarta Selatan
Motive: curiosity?
Slide 13: IT Security Trends
You don't need to be clever to hack
Source: Carnegie Mellon University
Slide 14: Hacking Tools Example
Cain & Abel, Kali Linux
Slide 15: Modern Business
Cybercrime as a Service (CaaS)
Source: SC Magazine
Slide 16: How do hackers do it?
Slide 17: Hacking Phases
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council
Slide 18: Hacking Phases (cont'd)
1. Reconnaissance: information gathering
2. Scanning: OS detail, open ports, version, device type, application vulnerability
3. Gaining Access: exploit vulnerability, escalate privilege
4. Maintaining Access: backdoors, data harvesting
5. Clearing Tracks: delete/overwrite events/logs
Slide 19: Hacking Phase Analogy
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Slide 20: When do we fool them?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Slide 21: Why at the scanning phase?
TELNET, SSH
Slide 22: Scanning Tools
SoftPerfect Network Scanner
The Dude
Slide 23: How do we fool them?
Slide 24: Use a bait
Honeypot
Hacker bait
Slide 25: Web Server Example
Web server = HTTP, HTTPS
Slide 26: Confuse your enemy
HTTP, HTTPS
Slide 27: Server Farm Network Example (192.168.1.0/24)
192.168.1.2 DNS Server
192.168.1.5 Web Server
192.168.1.10 DB Server
192.168.1.15 Mail Server
SERVER X
Slide 28: Confuse your enemy (192.168.1.0/24)
192.168.1.1 Fake Server 1
192.168.1.2 DNS Server
192.168.1.3 Fake Server 2
192.168.1.4 Fake Server 3
192.168.1.5 Web Server
192.168.1.6 Fake Server 4
192.168.1.7 Fake Server 5
192.168.1.8 Fake Server 6
192.168.1.9 Fake Server 7
192.168.1.10 DB Server
192.168.1.11 Fake Server 8
192.168.1.12 Fake Server 9
192.168.1.13 Fake Server 10
192.168.1.14 Fake Server 11
192.168.1.15 Mail Server
Slide 29: How do we do it with Mikrotik?
Slide 30: NAT (Network Address Translation)
Slide 31: Fake NAT
Slide 32: Fake ports at your web server
HTTP & HTTPS to the legitimate server
Other ports to the fake server
Slide 33: Simple NAT for Web Server
Topology: Internet, Router, Web Server (192.168.2.3); address 10.0.0.1
NAT (port mapping); rule fields shown: Chain, Action
Slide 34: Add additional NAT for bait
Web Server 192.168.2.3
Fake Server (Honeypot) 192.168.2.4
Rule fields shown: Chain, Action
Slide 35: Fake servers at your server farm network
Only one legitimate server
The others are fake servers
Slide 36: Another Example
Web Server 192.168.2.3
Fake Server (Honeypot) 192.168.2.4
Rule fields shown: Chain, Action
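A RouterOS configuration for the bait NAT described on slides 32 to 36, added here as an example and not the presenter's own rules (the slides show only screenshots). It uses the addresses from the slides (web server 192.168.2.3, honeypot 192.168.2.4); it assumes 10.0.0.1 from slide 33 is the router's public address and that the WAN interface is named ether1-wan.

```routeros
# Added example, not the slides' own configuration.
# Assumptions: WAN interface is "ether1-wan"; the router holds 10.0.0.1.
/ip firewall nat
# Real services first: HTTP and HTTPS go to the legitimate web server.
add chain=dstnat in-interface=ether1-wan dst-address=10.0.0.1 \
    protocol=tcp dst-port=80,443 action=dst-nat to-addresses=192.168.2.3 \
    comment="real web server"
# Bait: every other TCP/UDP port on 10.0.0.1 goes to the honeypot.
# No to-ports is given, so the original destination port is kept and the
# honeypot sees the probe exactly as the scanner sent it.
# Order matters: these catch-all rules must sit below the rule above.
add chain=dstnat in-interface=ether1-wan dst-address=10.0.0.1 \
    protocol=tcp action=dst-nat to-addresses=192.168.2.4 \
    comment="bait: all other TCP ports to honeypot"
add chain=dstnat in-interface=ether1-wan dst-address=10.0.0.1 \
    protocol=udp action=dst-nat to-addresses=192.168.2.4 \
    comment="bait: all other UDP ports to honeypot"

# Contain the honeypot: it may answer the connections it receives, but it
# must not start connections of its own toward the farm or the internet.
# Place this above any general accept rule in the forward chain.
/ip firewall filter
add chain=forward src-address=192.168.2.4 connection-state=new \
    action=drop comment="honeypot must not open new connections"

# Check: the packet counters of the two bait rules grow as soon as a
# scanner touches any port other than 80/443.
/ip firewall nat print stats
```

For the server-farm variant on slide 35 the same pattern is repeated per decoy address: dst-address set to each fake server address, to-addresses pointing at the honeypot.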
Slide 37: Combine with a honeypot
KFSensor. Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes
Slide 38: What the hacker sees (Nmap)
Before / After
Nmap / Zenmap
Slide 39: What the hacker sees (SoftPerfect NetScan)
Before / After
SoftPerfect Network Scanner
Slide 40: I don't want to use a honeypot
Step 1: Chain
Step 2: Action
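One way to fill in the two steps on slide 40 without a honeypot, added here as an example and not the presenter's own rules: the router itself answers probes to decoy ports, records the source, and writes the kind of log line slides 41 and 42 show. The interface name ether1-wan and the "admins" address list are assumptions.

```routeros
# Added example, not the slides' own configuration.
# Assumptions: WAN interface "ether1-wan"; an address list "admins" that
# holds the addresses allowed to manage the router.
# These rules must sit above any existing drop-all rule in the input chain.
/ip firewall filter
# Keep management reachable before the bait rules so you do not lock
# yourself out; extend this rule for any service the router really serves.
add chain=input in-interface=ether1-wan src-address-list=admins \
    action=accept comment="management from known admin addresses"
# Step 1 (chain): a probe to a port with no NAT rule ends at the router
# itself, so the bait rules belong in the input chain. For decoy addresses
# that are NATed into the farm the same actions would go in forward.
# Step 2 (action): list, log, then tarpit. The first two actions are
# passthrough, so a matching packet runs through all three rules.
add chain=input in-interface=ether1-wan protocol=tcp connection-state=new \
    action=add-src-to-address-list address-list=bait-scanners \
    address-list-timeout=1d comment="remember who probed a decoy port"
add chain=input in-interface=ether1-wan protocol=tcp connection-state=new \
    action=log log-prefix="BAIT-SCAN" \
    comment="log line carries in-interface, src-mac and src-ip:port"
add chain=input in-interface=ether1-wan protocol=tcp connection-state=new \
    action=tarpit comment="answer the SYN and hold; scanner sees port open"

# Check: after a scan the list fills and the log shows each probe.
/ip firewall address-list print where list=bait-scanners
/log print where message~"BAIT-SCAN"
```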
Slide 41: What we see if someone pings
SRC-MAC address, SRC-IP address
Slide 42: What we see if someone runs Nmap
Mikrotik log:
Slide 43: The Dude, Hotspot & Userman
IP Address -> MAC Address -> User ID -> Person
Slide 44: Use Case 1
Internet café (WARNET)
University
Office: insider threat
Slide 45: Use Case 2
Analytics, for fun
Learn hacking methods from hackers / script kiddies
Research
http://public.honeynet.id
(Low-interaction honeypot) (High-interaction honeypot)
Slide 46: Thank you.. Questions?
DIDIET KUSUMADIHARDJA
didiet@arch.web.id
http://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/