1. Information Networking Security and Assurance Lab National Chung Cheng University dsniff

2. Information Networking Security and Assurance Lab National Chung Cheng University 2 Outline Objective dsniff toolbox How to use them to find out secret

3. Information Networking Security and Assurance Lab National Chung Cheng University 3 Objective Collect the secret information from network

4. Information Networking Security and Assurance Lab National Chung Cheng University 4 Description Is a sniffer like tcpdump, comm viewbut dsniff focus on ID,PW Dsniff is a collection of tools for network

5. Information Networking Security and Assurance Lab National Chung Cheng University 5 Sniffer toolbox Spoofing tools  Arpspoof  Dnsspoof  Macof TCP tools  Tcpkill  Tcpnice Sniffer tools  Dsniff  Filesnarf  Msgsnarf  Sshmitm  Urlsnarf  Webmitm  Webspy

6. Information Networking Security and Assurance Lab National Chung Cheng University 6 Install dsniff Require  OS: Gentoo Linux x86 #emerge dsniff http://www.monkey.org/~dugsong/dsniff/

7. Information Networking Security and Assurance Lab National Chung Cheng University 7 Arpspoof ARP (Address Resolution Protocol)  IP=>Ethernet MAC Address --Broadcast-- Hey everyone which Ethernet Card has IP 10.0.0.1 --Reply-- I ’ m 10.0.0.1 My MAC address is ….. … …  MACPort 00:0E:A6:42:AC:D11 00:40:F4:8B:AC:153 2 00:0E:A6:42:AC:D14

8. Information Networking Security and Assurance Lab National Chung Cheng University 8 Network Environment Note: IP forward must be enable

9. Information Networking Security and Assurance Lab National Chung Cheng University 9 Mike before attack Action ! Arpspoof- action ! Bingo ! Original After attack

10. Information Networking Security and Assurance Lab National Chung Cheng University 10 Dnsspoof DNS runs on UDP protocol Send out a forge query and response

11. Information Networking Security and Assurance Lab National Chung Cheng University 11 Network Environment

12. Information Networking Security and Assurance Lab National Chung Cheng University 12 Dnsspoof Create DNS query file Dnsspoof go! Wow … Our heaven INSA Oh …. Ya …. INSA was dead …

13. Information Networking Security and Assurance Lab National Chung Cheng University 13 Dsniff Password sniffer FTP, telnet, SMTP, POP, HTTP

14. Information Networking Security and Assurance Lab National Chung Cheng University 14 Network Environment

15. Information Networking Security and Assurance Lab National Chung Cheng University 15 Dsniff-catch Mike’s password Setup the “mousetrap” Enjoy password

16. Information Networking Security and Assurance Lab National Chung Cheng University 16 Macof Cause switch act like a hub MAC Port 00:0C:6E:0B:A9:36 1 00:40:F4:8B:AC:15 3 00:0E:A6:42:AC:D1 6 1 K 4 K

17. Information Networking Security and Assurance Lab National Chung Cheng University 17 Network Environment

18. Information Networking Security and Assurance Lab National Chung Cheng University 18 Macof- confuse switch

19. Information Networking Security and Assurance Lab National Chung Cheng University 19 Msgsnarf Instant message sniffer MSN, Yahoo messenger, ICQ, IRC Search specify pattern

20. Information Networking Security and Assurance Lab National Chung Cheng University 20 Network Environment

21. Information Networking Security and Assurance Lab National Chung Cheng University 21 Msgsnarf-get the secret talk

22. Information Networking Security and Assurance Lab National Chung Cheng University 22 Sshmitm SSH monkey-in-the-middle Relay session Capturing SSH password logins Hijacking interactive sessions. Only SSH protocol version 1

23. Information Networking Security and Assurance Lab National Chung Cheng University 23 Network Environment

24. Information Networking Security and Assurance Lab National Chung Cheng University 24 Sshmitm show time Attack1 Roy Mike

25. Information Networking Security and Assurance Lab National Chung Cheng University 25 Tcpkill Kill a TCP connection by spoofing a RST packet

26. Information Networking Security and Assurance Lab National Chung Cheng University 26 Network Environment

27. Information Networking Security and Assurance Lab National Chung Cheng University 27 Tcpkill- Jei kill Roy Victim1 Mike: 接好 !! 最高機密 !! Roy: 小心隔牆有耳 !! Jei: 又排擠我！ 搞破壞 !! ftp.ccu.edu.tw Attacker 暗自竊喜 … 看我的... 哇哈哈哈.. 為民除害 怎麼了？ 怎麼了？嗚嗚 … 躲在牆後面 - ( 偷笑中 …)

28. Information Networking Security and Assurance Lab National Chung Cheng University 28 Tcpnice Slow down the connection speed Change the window size 1 20 Win 160 Win 8

29. Information Networking Security and Assurance Lab National Chung Cheng University 29 Network Environment

30. Information Networking Security and Assurance Lab National Chung Cheng University 30 Tcpnice Normal speed No any tcpnice Tcpnice enable After a moment… Slower … 1 MB->464kB

31. Information Networking Security and Assurance Lab National Chung Cheng University 31 Urlsnarf Grab any URLs from HTTP traffic

32. Information Networking Security and Assurance Lab National Chung Cheng University 32 Network Environment

33. Information Networking Security and Assurance Lab National Chung Cheng University 33 Urlsnarf

34. Information Networking Security and Assurance Lab National Chung Cheng University 34 Webspy Sniff the victim’s web traffic and connect to

35. Information Networking Security and Assurance Lab National Chung Cheng University 35 Network Environment

36. Information Networking Security and Assurance Lab National Chung Cheng University 36 Webspy- interact with you Need netscape

37. Information Networking Security and Assurance Lab National Chung Cheng University 37 特別鳴謝 --- 友情客串 --- Mike 莊明霓飾 Jei 廖威捷飾 --- 場地 --- insafs.comm.ccu.edu.tw bbs.ccu.edu.tw insa test-bed 140.123.113.77 --- 道具 --- INSA Lab. --- 特別贊助 --- Microsoft IBM Netscreen.. ( 太多了 由衷感謝 ) --- 執行製作 --- Roy --- 導演 --- Roy =THE END=