The Attack Process Against Computer Networks

Feb 24, 2016


kin

Page 1: The Attack Process Against Computer Networks

The Attack Process Against Computer Networks

Page 2: The Attack Process Against Computer Networks

• Reconnaissance and footprinting
• Scanning
• Enumeration
• Gaining access
• Escalation
• Creating a backdoor and covering tracks

Page 3: The Attack Process Against Computer Networks
Page 4: The Attack Process Against Computer Networks

Reconnaissance

• Initial preparation phase
• Gathering as much information as possible about the target/victim before carrying out the attack
• Information can be obtained from the target/victim or from other places related to the target/victim

Page 5: The Attack Process Against Computer Networks

Footprinting

• A blueprint of the victim's/target's profile
• This phase takes up 90% of the attacker's time in carrying out the operation (10% for attacking the target)
• Footprinting needs to be done systematically to make sure that all the information collected and to be used relates to the target

Page 6: The Attack Process Against Computer Networks
Page 7: The Attack Process Against Computer Networks

Registrant:
PT Kompas Media Nusantara
Jalan Palmerah Selatan 26-28
Jakarta, Jakarta 10270
ID

Domain name: KOMPAS.COM

Administrative Contact:
Division, Internet [email protected]
Jalan Palmerah Selatan 26-28
Jakarta, Jakarta 10270
ID
1(888)811-8681

Technical Contact:
Administration, VIC DNS [email protected]
P.O. Box 31571
Knoxville, TN 37930
US
865 470 7851
Fax: 865 470 7369

Registration Service Provider:
Virtual Interactive Center, [email protected]
865 524 8888
865 524 0740 (fax)
Please contact us for domain login/passwords, DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 09-Dec-2004.
Record expires on 17-Dec-2006.
Record created on 18-Dec-1995.

Domain servers in listed order:
NS.VIC.COM 64.203.64.10
NS2.VIC.COM 64.203.64.11

Domain status: ACTIVE

KOMPAS.COM

Page 8: The Attack Process Against Computer Networks

Scanning

• Scanning can be compared to a thief checking all the doors and windows of a house he wants to break into.

• Scanning is the art of detecting which systems are alive and reachable via the internet and what services they offer, using techniques such as ping sweeps, port scans and operating system identification.

The kind of information collected here has to do with the following:

1) TCP/UDP services running on each system identified.
2) System architecture (Sparc, Alpha, x86).
3) Specific IP address of systems reachable via the internet.
4) Operating System type.

Page 9: The Attack Process Against Computer Networks

PING SWEEPS

ICMP SWEEPS

Intruder → Target: ICMP ECHO request

Target → Intruder: ICMP ECHO reply (target alive)

Querying multiple hosts – Ping sweep is fairly slow

Examples:
UNIX – fping and gping
WINDOWS – Pinger

Page 10: The Attack Process Against Computer Networks

Broadcast ICMP

Intruder → Network: ICMP ECHO request

Network → Intruder: ICMP ECHO reply (one from each answering host)

Can distinguish between UNIX and WINDOWS machines

A UNIX machine answers requests directed to the network address.

A WINDOWS machine will ignore them.

Page 11: The Attack Process Against Computer Networks

PING SWEEPS

NON-ECHO ICMP

Example: ICMP Type 13 (Time Stamp)

• Originate Time Stamp - The time the sender last touched the message before sending it.

• Receive Time Stamp - The time the echoer first touched it on receipt.

• Transmit Time Stamp - The time the echoer last touched the message on sending it.

Page 12: The Attack Process Against Computer Networks

PING SWEEPS

TCP Sweeps

Client → Server: C(SYN:PortNo & ISN)

Server → Client: S(SYN & ISN) + ACK[C(SYN+1)], or RESET (not active)

Client → Server: S(ISN+1)

When will a RESET be sent?

When a segment does not appear correct for the RFC on arrival.

RFC = (Destination (IP + port number) & Source (IP + port number))

Page 13: The Attack Process Against Computer Networks

Port Scanning Types

• TCP Connect() Scan

SYN packet

SYN/ACK (listening)

RST/ACK (port not listening)

SYN/ACK

The connection is terminated after the full connection establishment process has been completed.
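A defender's view of the TCP connect() scan described above, as an added example that is not part of the original slides: it flags a source that probes many distinct ports on one host in a short time and is mostly answered with RST/ACK (port not listening). The record layout, the thresholds and the sample flows (documentation-range IP addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the original slides):
# (seconds, source IP, destination IP, destination port, server reply)
SAMPLE_FLOWS = (
    # One source walking ports 20-89; only 22 and 80 are listening.
    [(i * 0.05, "198.51.100.7", "192.0.2.10", port,
      "SYN/ACK" if port in (22, 80) else "RST/ACK")
     for i, port in enumerate(range(20, 90))]
    # An ordinary client: a few connections to the web server.
    + [(t, "203.0.113.5", "192.0.2.10", 80, "SYN/ACK") for t in (1.0, 2.5, 9.0)]
    + [(4.0, "203.0.113.5", "192.0.2.10", 443, "RST/ACK")]
)


def detect_connect_scans(flows, window=10.0, min_ports=15, min_rst_ratio=0.7):
    """Flag (src, dst) pairs that hit many distinct ports within `window`
    seconds and mostly receive RST/ACK (port not listening)."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, reply in flows:
        by_pair[(src, dst)].append((ts, dport, reply))

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            if len({p for _, p, _ in in_window}) < min_ports:
                continue
            rst = sum(1 for _, _, r in in_window if r == "RST/ACK")
            if rst / len(in_window) >= min_rst_ratio:
                # Summarise everything seen from this source for the analyst.
                alerts.append({
                    "src": src, "dst": dst,
                    "ports_probed": len({p for _, p, _ in events}),
                    "answered_syn_ack": sorted(
                        {p for _, p, r in events if r == "SYN/ACK"}),
                })
                break  # one alert per (src, dst) pair
    return alerts


if __name__ == "__main__":
    for alert in detect_connect_scans(SAMPLE_FLOWS):
        print(alert)
```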

Page 14: The Attack Process Against Computer Networks

Enumeration

• Enumeration extracts information about:
  – Resources or shares on the network
  – User names or groups assigned on the network
  – Last time user logged on
  – User’s password

• Before enumeration, you use port scanning and footprinting
  – To determine OS being used

• Intrusive process