Mastering the Network HackingFU
     y3dips   {y3dips/at/echo/or/id}
What's up with TCP/IP

          ●   Old: roughly 30 years.
          ●   Designed without regard for security
              −     Examples: Telnet, FTP, SMTP
          ●   The real flaw is at the IP (v4) layer
              −     No method of verification or encryption
              −     Vulnerable to IP spoofing and MITM



Mastering the Network HackingFU – y3dips
Well known

          ●   Tunneling
          ●   Spoofing
          ●   Sniffing
          ●   DDoS/botnet




Tunneling

●   TOR (The Onion Router)
       –   “emerge tor privoxy”
       –   Configure them to run together
               ●   forward-socks4a / 127.0.0.1:9050 .
●   Anyone can run a TOR node
       –   Gov, Mil, Mafia, anyone at all
●   Use encryption, or the dual-tunnel principle
●   https://www.torproject.org/
Tunneling

●   SSH tunneling
       “ssh user@server -D port”
●   Stunnel - stunnel.org
●   Securing transactions over protocols that have no encryption
       –   Tunneling http, smb through ssh/stunnel
Spoofing




Monkey In the middle attack




Defending with Unix

  • Paper: read it at
           http://www.slideshare.net/y3dips/arpwall-protect-from-arp-spoofing/

  • ARPWatch, Swatch, PyGTK (alert.py)

  ARPWALL
  ●   arp -s [ip] [mac]
  http://code.google.com/p/arpwall/ Wanna help?
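
Added example, not from the original slides and not the code of ARPWatch or arpwall: a small monitor for the kind of IP-to-MAC binding changes such tools alert on, checked against the pairs an operator would pin with arp -s. The class name, alert names, addresses and sample replies are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix time, sender IP, sender MAC) taken from ARP replies.
SAMPLE_REPLIES = [
    (1000, "192.168.1.1",  "00:11:22:33:44:55"),  # gateway, first sighting
    (1005, "192.168.1.20", "aa:bb:cc:00:00:20"),  # workstation
    (1010, "192.168.1.30", "aa:bb:cc:00:00:30"),  # another workstation
    (1060, "192.168.1.1",  "aa:bb:cc:00:00:30"),  # gateway IP announced by .30's MAC
    (1061, "192.168.1.1",  "00:11:22:33:44:55"),  # real gateway answers again
    (1062, "192.168.1.1",  "aa:bb:cc:00:00:30"),  # and is overwritten once more
]

# Bindings the operator trusts: the same pairs one would load with `arp -s`.
PINNED = {"192.168.1.1": "00:11:22:33:44:55"}


class ArpMonitor:
    """Tracks IP-to-MAC bindings and reports suspicious changes (hypothetical helper)."""

    def __init__(self, pinned=None, flipflop_window=300):
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.current = {}                    # ip -> (mac, time the binding appeared)
        self.previous = {}                   # ip -> (replaced mac, time it was replaced)
        self.ips_by_mac = defaultdict(set)   # mac -> IPs it currently answers for
        self.window = flipflop_window        # seconds

    def observe(self, ts, ip, mac):
        """Process one ARP reply; return a list of (severity, kind, detail)."""
        mac = mac.lower()
        alerts = []
        if ip in self.pinned and self.pinned[ip] != mac:
            alerts.append(("high", "pinned-mismatch",
                           f"{ip} is pinned to {self.pinned[ip]}, announced by {mac}"))
        known = self.current.get(ip)
        if known is not None and known[0] == mac:
            return alerts                    # binding unchanged
        if known is None:
            alerts.append(("info", "new-station", f"{ip} is at {mac}"))
        else:
            old_mac = known[0]
            prev = self.previous.get(ip)
            if prev and prev[0] == mac and ts - prev[1] <= self.window:
                # Two stations fighting over one IP: the usual sign of cache poisoning.
                alerts.append(("high", "flip-flop", f"{ip} alternates {old_mac} <-> {mac}"))
            else:
                alerts.append(("medium", "changed", f"{ip} moved {old_mac} -> {mac}"))
            self.previous[ip] = (old_mac, ts)
            self.ips_by_mac[old_mac].discard(ip)
        self.current[ip] = (mac, ts)
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            # Can be legitimate (proxy ARP, multi-homed host), so only medium.
            owned = ", ".join(sorted(self.ips_by_mac[mac]))
            alerts.append(("medium", "mac-multi-ip", f"{mac} answers for {owned}"))
        return alerts


def scan(replies, pinned=None):
    """Run the monitor over replies; return (ts, severity, kind, detail) tuples."""
    monitor = ArpMonitor(pinned)
    return [(ts, *alert) for ts, ip, mac in replies
            for alert in monitor.observe(ts, ip, mac)]


if __name__ == "__main__":
    for ts, severity, kind, detail in scan(SAMPLE_REPLIES, PINNED):
        print(f"{ts} [{severity:6}] {kind:16} {detail}")
```
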




DDoS

  • For DoS, see
         http://www.slideshare.net/y3dips/denial-of-services/

  • Botnet detection via SNMP
            – 6666 – 7000 open
  • SYN attack vs. SYN cookies
  • New technique (actually an old one)
            – http://it.slashdot.org/article.pl?sid=08/10/01/0127245
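
Added example, not from the original slides: a simplified SYN cookie, showing why a server using them keeps no per-connection state until the final ACK arrives. The bit layout (5-bit time slot, 3-bit MSS index, 24-bit keyed hash) follows the classic description; the key, MSS table and addresses are constructed, and this is not the exact algorithm of any particular TCP stack.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"     # constructed; a real stack uses a random key
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)   # constructed table
SLOT = 64                               # seconds per time slot


def _mac24(secret, src, sport, dst, dport, client_isn, slot):
    """24-bit keyed hash binding the cookie to one connection and one time slot."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIQ", sport, dport, client_isn, slot))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src, sport, dst, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored for the half-open connection."""
    slot = int(now) // SLOT
    # Largest table entry that does not exceed the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    tag = _mac24(secret, src, sport, dst, dport, client_isn, slot)
    return ((slot % 32) << 27) | (idx << 24) | tag


def check_cookie(secret, src, sport, dst, dport, seq, ack, now, max_age=1):
    """Validate the final ACK of the handshake.

    seq and ack are the ACK segment's sequence and acknowledgement numbers.
    Returns the MSS encoded in the cookie, or None if the ACK must be dropped.
    """
    client_isn = (seq - 1) & 0xFFFFFFFF      # the client's ISN, recovered from the ACK
    cookie = (ack - 1) & 0xFFFFFFFF          # the ISN the server sent in its SYN-ACK
    slot_bits, idx, tag = cookie >> 27, (cookie >> 24) & 7, cookie & 0xFFFFFF
    newest = int(now) // SLOT
    for slot in range(newest, newest - max_age - 1, -1):
        if slot % 32 != slot_bits:
            continue                         # cookie was not issued in this slot
        if tag == _mac24(secret, src, sport, dst, dport, client_isn, slot):
            return MSS_TABLE[idx]            # only now is connection state allocated
    return None


if __name__ == "__main__":
    conn = ("198.51.100.7", 40000, "203.0.113.10", 80)   # constructed addresses
    isn = make_cookie(SECRET, *conn, client_isn=123456789, mss=1460, now=1_000_000)
    print("SYN-ACK ISN:", hex(isn))
    print("valid ACK  :", check_cookie(SECRET, *conn, 123456790, isn + 1, 1_000_030))
    print("forged ACK :", check_cookie(SECRET, *conn, 123456790, 0x12345678, 1_000_030))
```
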




The Wild World

          ●   Non-standard (proprietary)
          ●   Closed (closed source)
          ●   Goodbye, kids (kiddo)
          ●   Strong?




The Wild World

     ●   Scanner applications are generally helpless
           NMAP, Nessus, superscan
     ●   They work from the data that is fed in
     ●   The handshake method is different




Toolkit

     ●   Python [programming skills]
     ●   Scapy (packet manipulation platform)
     ●   Spoofing
     ●   Sniffing (tcpdump only?)
     ●   Some l33t tools (THCAmapcrap)




NMAP vs AMAP




Scapy




Private Applications

  • Not strong; in fact "relatively" weaker
       Just telnet to them multiple times and they die
  • TCP/IP is indeed flawed, and the applications
    running on top of it carry the same
    sins
       • No verification method + encryption
  • No access control, authentication,
    session timeout, or connection limits


Tips: Information on the Network

          ●   SNMP (default community strings)
          ●   SMTP (vrfy and expn verbs; enumerate users)
          ●   FTP (user enum)
          ●   POP3 (user enum)




Defending?

  •      IPv6
  •      Supports authentication, IP protection and
         traffic control
  •      Not yet popular, for political and business
         reasons.




Relax

  Questions & Answers
  Thank you
   - The committee
   - himatif UPN
   - You! Yes, you who supported this
     event.



