Module 2 Network Security

Footprinting and Reconnaissance

So, I'd like to do this more often.. here is my summary of module two on Footprinting and Reconnaissance, taken from Career Academy.

Well, there are probably many mistakes and gaps, and the language is bilingual too. Hehehe

Here it is:

> Determine the information you want, such as:

-All domain names and IP ranges

-VPN points and analog/digital phone numbers

-Contacts

-Phone numbers

-Related companies, recent mergers or splits

-All websites, links, HTML code, even rogue websites

-Facility location

-Security policies that might indicate what protection mechanisms are in place

-Email addresses

-Recent security incidents

-Extranets

> Network reconnaissance:

-Network reconnaissance focuses on the IP realm.

-Gathering IP-related information

-Valid address ranges

-System names

-Routes and paths

-Domain names

-For paid engagements you may already have some of this information (if it is “White box”)

> DNS Zone Transfer
When an attacker finds a target DNS server, they will attempt to extract data from it.
Resource records can reveal hosts and IP addresses, hardware types, pointers to the mail server, pointers to
Active Directory servers on W2K domains, alias names, and possibly useful comments that point to specific resources.
Command-line steps:
nslookup
server <targetDNSServerIP>
set type=any
set class=any (people tend to forget this one, without it no MX will display)
ls -d <domainname> (won’t work on every server, some admins deny)

> Zone Transfer from Linux
Command-line syntax
• host -l -v -t any <host>
• dig AXFR <domain> @<nameserver>
• axfr target.com
• nslookup

> Tracing Out a Network Path
At this point the attacker most likely has some IPs of internal systems from zone transfers, has found the DNS server addresses, and has the IP ranges registered to the target as found in ARIN.
Now the attacker will run traceroute (tracert in Windows) against every possible external and internal host to learn as much as possible about the network topology and possible access points. Usually the device that appears in the traceroute results right before the specified target is the access control device.

> Paratrace
• Parasitic traceroute
• Part of the Paketto Keiretsu package
• Uses a legitimate TCP session to “piggyback” a trace through stateful firewalls that don’t allow non-established inbound ICMP or UDP.
• Once launched it listens for the establishment of a TCP session to the target host (ex. Web browser to server). It then sends duplicate packets of the ones it hears with incrementing TTLs. When routers along the path receive a packet with TTL 0 they drop the packet and send an ICMP response. Since the internal host initiates the ICMP traffic the firewall may allow it.
[root@Hacker root]# paratrace 172.16.8.100
Waiting to detect attachable TCP connection to host/net: 172.16.8.100
172.16.8.100:80/32 1-8
001 = 172.16.100.254|80 [01] 11.650s (172.16.100.66 -> 172.16.8.100)
002 = 172.16.1.2|80 [01] 11.650s (172.16.100.66 -> 172.16.8.100)
003 = 172.16.2.2|80 [02] 11.730s (172.16.100.66 -> 172.16.8.100)
004 = 172.16.6.2|80 [03] 11.750s (172.16.100.66 -> 172.16.8.100)
UP: 172.16.8.100:80 [04] 11.786s
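
A detection sketch for the behaviour described above (duplicates of one TCP segment sent with incrementing TTLs), added here as an example and not part of the original notes. The packet tuples are constructed sample data, and the `LOW_TTL` and `MIN_RUN` thresholds are assumptions to tune per network.

```python
from collections import defaultdict

# Constructed packet summaries as a border sensor might record them:
# (src, sport, dst, dport, tcp_seq, ip_ttl). All values are made up.
SAMPLE_PACKETS = [
    # Ordinary browser session: one stable TTL, one genuine retransmission.
    ("198.51.100.20", 50110, "172.16.8.100", 80, 1000, 57),
    ("198.51.100.20", 50110, "172.16.8.100", 80, 1460, 57),
    ("198.51.100.20", 50110, "172.16.8.100", 80, 1460, 57),
    # Session where one segment is repeated at rising, very low TTLs.
    ("203.0.113.66", 41000, "172.16.8.100", 80, 5000, 55),
    ("203.0.113.66", 41000, "172.16.8.100", 80, 5000, 1),
    ("203.0.113.66", 41000, "172.16.8.100", 80, 5000, 2),
    ("203.0.113.66", 41000, "172.16.8.100", 80, 5000, 3),
    ("203.0.113.66", 41000, "172.16.8.100", 80, 5000, 4),
]

LOW_TTL = 10  # assumption: legitimate clients do not arrive with a TTL this low
MIN_RUN = 3   # assumption: consecutive TTL values required before alerting


def longest_run(values):
    """Length of the longest run of consecutive integers in values."""
    best = run = 0
    prev = None
    for v in sorted(set(values)):
        run = run + 1 if prev is not None and v == prev + 1 else 1
        best = max(best, run)
        prev = v
    return best


def find_ttl_walks(packets):
    """Flag flows where the same TCP segment appears with stepped low TTLs."""
    ttls = defaultdict(list)
    for src, sport, dst, dport, seq, ttl in packets:
        if ttl <= LOW_TTL:
            ttls[(src, sport, dst, dport, seq)].append(ttl)
    alerts = []
    for (src, sport, dst, dport, seq), seen in ttls.items():
        if longest_run(seen) >= MIN_RUN:
            alerts.append({"flow": f"{src}:{sport}->{dst}:{dport}",
                           "seq": seq, "ttls": sorted(set(seen))})
    return alerts
```

A genuine retransmission keeps the sender's normal TTL, so only the stepped low-TTL copies trigger the alert.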

> War Dialing for “Hanging” Modems
One of the easiest and most overlooked entry points to a system. Employees often install backchannel communications software/hardware without the knowledge or permission of IT administration.
Fax machines/servers can be exploited and may be running a full-blown network OS such as Windows/Linux.

>Footprinting Countermeasures
-ARIN
Lie or be vague
Don’t use personal names (can use fake name reserved for that purpose) AKA “Role-Based” accounts
-DNS zone transfers
Allow only to approved secondaries
Block TCP 53 (may not be feasible in some cases)
-Traceroute (network infrastructure) countermeasures
Block all ICMP and UDP protocols that aren’t required at border routers
ICMP Type11/Code0 “TTL Exceeded” should be blocked OUTBOUND
NIDS (Network Intrusion Detection Systems)
-Modem countermeasures
Self audits and strict security policy
Modems that require passwords and multifactor authentication
-Wireless countermeasures (later chapter)
Rogue access point detection
Site survey plus antenna design
Beacon frames
Encryption
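
To check that the "Allow only to approved secondaries" countermeasure is holding against the zone transfers described earlier, the name server's own log can be audited. This is an added example, not part of the original notes: the log lines are constructed in the style of BIND's transfer logging, and the approved-secondary addresses are assumptions.

```python
import ipaddress
import re

# Assumption: the hosts allowed to pull the zone (the "approved secondaries").
APPROVED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32"),
                        ipaddress.ip_network("198.51.100.0/28")]

# Constructed sample lines in the style of BIND transfer/security logging.
SAMPLE_LOG = """\
12-Mar-2024 10:01:02.113 client 192.0.2.53#40211 (example.com): transfer of 'example.com/IN': AXFR started
12-Mar-2024 10:04:40.870 client 203.0.113.77#51513 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:04:41.002 client 203.0.113.77#51514 (example.com): zone transfer 'corp.example.com/AXFR/IN' denied
12-Mar-2024 10:09:15.555 client 203.0.113.80#33000 (example.com): transfer of 'example.com/IN': AXFR started
12-Mar-2024 10:10:00.000 client 198.51.100.5#53000 (example.com): query: example.com IN MX +
"""

XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?"
    r"(?:transfer of '(?P<z1>[^/']+)/IN': (?:AXFR|IXFR) started"
    r"|zone transfer '(?P<z2>[^/']+)/(?:AXFR|IXFR)/IN' denied)"
)

def is_approved(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in APPROVED_SECONDARIES)

def audit_transfers(log_text):
    """Return findings for zone-transfer events from non-approved clients."""
    findings = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m:
            continue  # not a zone-transfer event
        ip = m.group("ip")
        if is_approved(ip):
            continue  # expected replication traffic
        if m.group("z1"):
            # The transfer actually started: the ACL is missing or too wide.
            findings.append(("LEAKED", ip, m.group("z1")))
        else:
            # The ACL held, but someone is probing for transfers.
            findings.append(("PROBE", ip, m.group("z2")))
    return findings

if __name__ == "__main__":
    for severity, ip, zone in audit_transfers(SAMPLE_LOG):
        print(f"{severity:7} {ip:15} {zone}")
```

A `LEAKED` finding means zone data left the server and the transfer ACL needs fixing; `PROBE` findings show who is testing it.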

> Gather all the information available about the target.

> Website source code can provide directory structure, OS, application/platform info, and even passwords. Search engines such as Google and AltaVista can be used to find everything from the types of services (TS, OWA, BB) to passwords, straight from the organization’s internet presence. Attacks on people are often the most common and the most damaging
