Fools your enemy with Mikrotik
By: Didiet Kusumadihardja
MikroTik User Meeting (MUM) 2016, Jakarta, Indonesia, 14 October 2016
Didiet Kusumadihardja - [email protected]
Slide 2: About Me
Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika
2. Trainer & IT Consultant, Arch Networks
Certifications: MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE
Slide 3: PT. Mitra Solusi Telematika
Gedung TMT 2, GF, Jl. Cilandak KKO, Jakarta
Slide 6: Global IT Security Incident 2015
Hacked for 3 years (2012 – 2015)
Slide 7: Global IT Security Incident 2016
500 million accounts
3 billion accounts???
Source: Tech Times
Slide 10: Indonesia IT Security Incident 2013
polri.go.id, 2013
Deface
Motive: Fame?
Slide 11: Indonesia IT Security Incident 2016
Teman Ahok
DDoS Attack
Motive: Politics?
Slide 12: Indonesia IT Security Incident 2016
Videotron
Kebayoran Baru, Jakarta Selatan
Motive: Curiosity?
Slide 13: IT Security Trends
Source: Carnegie Mellon University
You don't need to be smart to hack
Slide 15: Modern Business
Cybercrime as a Service (CaaS)
Source: SCMagazine
Slide 17: Hacking Phase
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council
Slide 18: Hacking Phase (Cont'd)
1. Reconnaissance: information gathering
2. Scanning: OS detail, open ports, version, device type, application vulnerability
3. Gaining Access: exploit vulnerability, escalate privilege
4. Maintaining Access: backdoors, data harvesting
5. Clearing Tracks: delete/overwrite events/logs
Slide 19: Hacking Phase Analogy
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Slide 20: When do we fool them?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Slide 27: Server Farm Network Example
Server farm 192.168.1.0/24 (Server X):
192.168.1.2 DNS Server
192.168.1.5 Web Server
192.168.1.10 DB Server
192.168.1.15 Mail Server
Slide 28: Confuse your enemy
Server farm 192.168.1.0/24:
192.168.1.1 Fake Server 1
192.168.1.2 DNS Server
192.168.1.3 Fake Server 2
192.168.1.4 Fake Server 3
192.168.1.5 Web Server
192.168.1.6 Fake Server 4
192.168.1.7 Fake Server 5
192.168.1.8 Fake Server 6
192.168.1.9 Fake Server 7
192.168.1.10 DB Server
192.168.1.11 Fake Server 8
192.168.1.12 Fake Server 9
192.168.1.13 Fake Server 10
192.168.1.14 Fake Server 11
192.168.1.15 Mail Server
Slide 32: Fake Ports at your Web Server
HTTP & HTTPS to the legitimate server
Other ports to the fake server
Slide 33: Simple NAT for Web Server
[Diagram: Internet -> Router (10.0.0.1) -> Web Server 192.168.2.3]
[NAT (port mapping) rule table with Chain and Action columns]
Slide 34: Add Additional NAT for Bait
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4
[NAT rule table with Chain and Action columns]
Slide 35: Fake Server at your Server Farm Network
Only one legitimate server
Others are fake servers
Slide 36: Another Example
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4
[NAT rule table with Chain and Action columns]
Slide 37: Combine with Honey Pot
KFSensor
Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes
Slide 39: What the Hacker Sees (SoftPerfect NetScan)
[Screenshots: SoftPerfect Network Scanner, before and after]
Slide 40: I don't want to use a HoneyPot
Step 1: Chain
Step 2: Action
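As an added illustration (not from the slides or the presenter), the bait scheme of slides 32 to 41 written out as RouterOS CLI; the WAN interface name ether1, the management host address and the address-list names are assumptions, while the IP addresses are the ones on the slides.

```routeros
# Added example, not from the slides: RouterOS CLI for the bait scheme of
# slides 32-41. Assumed: WAN port is ether1 with public address 10.0.0.1,
# real web server 192.168.2.3, honeypot (KFSensor/Honeyd) 192.168.2.4,
# server farm 192.168.1.0/24 with the fake addresses from slide 28.

# Addresses no real host owns in the farm; any contact with them is suspect.
/ip firewall address-list
add list=fake-servers address=192.168.1.1
add list=fake-servers address=192.168.1.3-192.168.1.4
add list=fake-servers address=192.168.1.6-192.168.1.9
add list=fake-servers address=192.168.1.11-192.168.1.14
add list=admins address=203.0.113.10 comment="constructed management host"

/ip firewall nat
# Keep router management (Winbox) reachable before the catch-all rule below.
add chain=dstnat in-interface=ether1 dst-address=10.0.0.1 protocol=tcp \
    dst-port=8291 src-address-list=admins action=accept
# Slide 33: HTTP/HTTPS port mapping to the legitimate server.
add chain=dstnat in-interface=ether1 dst-address=10.0.0.1 protocol=tcp \
    dst-port=80,443 action=dst-nat to-addresses=192.168.2.3
# Slide 34: every other port is bait; log=yes records src-ip and src-mac.
add chain=dstnat in-interface=ether1 dst-address=10.0.0.1 protocol=tcp \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="BAIT-TCP"
add chain=dstnat in-interface=ether1 dst-address=10.0.0.1 protocol=udp \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="BAIT-UDP"
# Slide 35: the router is the gateway for 192.168.1.0/24, so traffic it
# forwards to an unused farm address can be redirected to the one honeypot
# (ping included, which is what slide 41 shows in the log).
add chain=dstnat dst-address-list=fake-servers \
    action=dst-nat to-addresses=192.168.2.4 log=yes log-prefix="BAIT-FARM"

# Slide 40, no honeypot: disable the BAIT-FARM rule above and enable these
# two instead. The first tags the scanner's source address for a day, the
# second tarpits the TCP handshake so the scan crawls with no server behind it.
/ip firewall filter
add chain=forward dst-address-list=fake-servers disabled=yes \
    action=add-src-to-address-list address-list=scanners \
    address-list-timeout=1d log=yes log-prefix="FAKE-SRV"
add chain=forward dst-address-list=fake-servers protocol=tcp disabled=yes \
    action=tarpit
```

The BAIT-FARM NAT rule and the two filter rules are alternatives, because once dst-nat has rewritten the destination to 192.168.2.4 the forward chain no longer sees a fake-servers address.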
Slide 41: What we see if someone pings
[Log screenshot showing SRC-MAC ADDRESS and SRC-IP ADDRESS]
Slide 43: The Dude, Hotspot & Userman
[Table columns: IP Address, MAC Address, User ID, Person]
Slide 44: Use Case 1
Internet Café (WARNET)
University
Office: Insider Threat
Slide 45: Use Case 2
Analytics
For Fun
Learn hacking methods from hackers / script kiddies
Research
http://public.honeynet.id
(Low Interaction Honeypot) (High Interaction Honeypot)
Slide 46: Thank you.. Question?
Didiet Kusumadihardja
[email protected]
http://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/