Network Hacking and Security
01. Network Overview
[Figure] Key information in the TCP/IP layers
[Figure] Bidirectional communication
TCP/IP 5 Layer versus OSI 7 Layer
02. Network Interface Layer
* Ethernet(EX: Ethernet S/W)
* LAN Transmission Media(EX: UTP CAT. 5e)
* Ethernet Frame Structure
* MAC addressing scheme
[Lab] Checking and looking up MAC addresses
* http://www.coffer.com/mac_find
[Lab] Ethernet frame structure
[Assignment] Research and analysis report on VLAN & VPN
03. Internet Layer
1) ARP
* IP -> MAC
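[Lab] How the ARP protocol works
[Lab] ARP header analysis
[Lab] Registering an incorrect MAC in the ARP cache table
[Lab] Temporarily changing the MAC address
[Lab] Gratuitous ARP
[Lab] Writing ping.sh
[Lab] ARP spoofing attack
[Study] ARP spoofing countermeasures
[Lab] Writing arp.sh (/etc/rc.local)
[Lab] Writing arpwatch.sh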
2) RARP
* MAC -> IP(PXE Boot/DHCP)
04. Internet Layer
1) ICMP
* ICMP
- ping CMD
- traceroute/tracert CMD
* ICMP Type/Code
- ICMP echo request(8/0)
- ICMP echo reply(0/0)
- ICMP destination unreachable(3/0,1,2,3)
[Lab] ICMP packet and header analysis
* ICMP echo request/echo reply packet analysis
* Host unreachable
* Port unreachable
* Network unreachable
* "Network is unreachable"
[Lab] traceroute CMD practice
* C:\> tracert -4 -d 168.126.63.1
* # traceroute -I 168.126.63.1
[Lab] Visualroute/OpenVisualRoute
2) IPv4
* IP/Netmask(Subnetmask/VLSM)
[Lab] IPv4 header analysis
[Lab] Packet analysis - "TTL" field analysis
* Linux(64), Windows(128), CISCO(255)
[Lab] Packet analysis - IP Fragmentation
* Identification
* Flag
* Fragment Offset
[Study] Subnetting/VLSM
[Lab] Configuring an incorrect netmask
[Lab] Order in which the routing table is read
[Lab] Using the TOR/proxychains services
# apt-get -y install tor proxychains
# systemctl start tor
# proxychains CMD
[Lab] Installing a VPN client (SoftEther)
3) IPv6
[Study] IPv6 addressing scheme
Unicast Address
* Link-Local(fe80:)
* Site-Local(fec0:)
* Global(2 or 3)
Multicast Address(ff:)
[Study] How IPv6 works
* Stateless Autoconfiguration
* Router Prefix Modification
* IP Duplicated Detection Algorithm
[Lab] IPv4 versus IPv6 packet structure comparison
[Lab] IPv6 Solicitation versus ARP
* ARP/RARP (X) -> NDP(Neighbor discovery protocol)
- Neighbor Solicitation (ICMP 135)
- Neighbor Advertisement(ICMP 136)
[Lab] IPv6 Fragmentation
[Lab] IP Autoconfiguration(stateless autoconfiguration)
[Lab] Router Prefix Modification
[Lab] IP Duplicated Detection
05. Transport Layer
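[Study] TCP/UDP protocol characteristics
[Study] Port numbering scheme
[Lab] "Please open the port"
[Lab] Checking your own open ports
[Lab] TCP 3-way handshake packet analysis
[Lab] TCP 4-way handshake packet analysis
[Lab] TCP Flag - RST/ACK
[Lab] Packet analysis - telnet packet analysis
[Lab] Packet analysis - ftp packet analysis
[Lab] Packet analysis - Web packet analysis (http, https)
[Lab] SSL/TLS Decryption with wireshark
[Lab] Packet analysis - SAMBA packet analysis
[Lab] Packet analysis - SSH packet analysis
[Lab] Packet analysis - nslookup packet analysis
[Lab] Using hping3 against sites that do not respond to ping
[Lab] Implementing Ping of Death - ping.sh
[Lab] TCP Syn Flooding practice - msfconsole(synflood.rb)
[Lab] Analyzing the synflood.rb file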
06. Application Layer
1) DHCP
[Study] DHCP principles and header analysis
[Lab] Checking the lease time (release time)
[Lab] Checking the DHCP DORA process
[Lab] DHCP renewal
[Lab] Building a DHCP server and client, and packet analysis
[Lab] DHCPv6 packet structure
2) SMTP
[Study] Mail terminology (MTA/MUA), mail protocols (E-SMTP/POP3/IMAP)
[Lab] Mail packet analysis
* Client -> MailA -> MailB -> Client
[Lab] Extracting mail attachments
[Lab] Encoding/decoding - base64
# base64 input.txt > output.enc.txt
# base64 -di output.enc.txt > output.txt
[Lab] Brute Force Attack/Dictionary Attack
* (CLI)hydra CMD
* (GUI)xhydra
[Lab] Packet sniffing with Ettercap
[Lab] DNS Spoofing with Ettercap
3) SNMP
* SW: NMS/MRTG
* Terms: MIB/OID
* Operations: GET/SET/TRAP
[Lab] Building an SNMP server on the linux200 server (net-snmp)
[Lab] Developing the onesixtyone.sh program
07. Packet analysis with wireshark
[Analysis] Attack packet analysis 1/2/3/4
[Team 01]
2020-11-13 -- Traffic analysis exercise - Quiethub
2020-11-10 -- Traffic analysis quiz - Pcap and alerts for an ISC diary
2020-10-22 -- Traffic analysis exercise - Omegacast
2020-09-25 -- Traffic analysis exercise - Trouble Alert
2020-09-14 -- Traffic analysis quiz - Pcap and alerts for an ISC diary
2020-08-21 -- Traffic analysis exercise - Pizza-Bender
2020-08-04 -- Traffic analysis quiz - Pcap and alerts for an ISC diary
2020-07-31 -- Traffic analysis exercise - Tecsolutions
2020-06-12 -- Traffic analysis exercise - Frank-n-Ted (What's going on?)
2020-05-28 -- Traffic analysis exercise - Catbomber
2020-04-24 -- Traffic analysis exercise - SteelCoffee
2020-03-14 -- Traffic analysis exercise - Mondogreek
* Year 2011
[Team 02]
2020-02-21 -- Traffic analysis exercise - All aboard the hot mess express!
2020-01-30 -- Traffic analysis exercise - Sol-Lightnet
2019-12-25 -- Traffic analysis exercise - It happened on Christmas day
2019-12-03 -- Traffic analysis exercise - Icemaiden
2019-11-12 -- Traffic analysis exercise - Okay-boomer
2019-10-05 -- Traffic analysis exercise - Tinsolutions
2019-08-20 -- Traffic analysis exercise - Spraline
2019-07-19 -- Traffic analysis exercise - So hot right now
* Year 2012
[Team 03]
2019-06-22 -- Traffic analysis exercise - Phenomenoc
2019-05-02 -- Traffic analysis exercise - BeguileSoft
2019-04-15 -- Traffic analysis exercise - StingrayAhoy
2019-03-19 -- Traffic analysis exercise - LittleTigers
2019-02-23 -- Traffic analysis exercise - Stormtheory
2019-01-28 -- Traffic analysis exercise - Timbershade
2018-12-26 -- Two pcaps I provided for UA-CTF in November 2018
2018-12-18 -- Traffic analysis exercise - Eggnog soup
2018-11-13 -- Traffic analysis exercise - Turkey and defence
2018-11-01 -- Two pcaps I provided for UISGCON CTF in 2018
2018-10-31 -- Traffic analysis exercise - Happy Halloween!
2018-09-27 -- Traffic analysis exercise - Blank clipboard
2018-08-12 -- Traffic analysis exercise - Sputnik House
2018-07-15 -- Traffic analysis exercise - Oh noes! Torrentz on our network!
2018-06-30 -- Traffic analysis exercise - Sorting through the alerts
2018-05-11 -- Traffic analysis exercise - Night Dew
* Year 2013
[Team 04]
2018-04-11 -- Traffic analysis exercise - Dynaccoustic
2018-03-10 -- Traffic analysis exercise - Max Headroom
2018-02-13 -- Traffic analysis exercise - Office work
2018-01-16 -- Traffic analysis exercise - "Mars Smart"
2017-12-23 -- Traffic analysis exercise - Carlforce!
2017-12-15 -- Traffic analysis exercise - Two pcaps, two emails, two mysteries!
2017-11-21 -- Traffic analysis exercise - Juggling act: Find out what happened in 6 pcaps.
2017-10-21 -- Traffic analysis exercise - Doc Brown and Marty McFly: Back to the Present.
* Year 2014