2016. 5. 16. 16:34ㆍ네트워크 보안 수업/네트워크 취약점 분석
2016 world it show 이번 주 금요일부터
TCP( Transmission Control Protocol )
- 신뢰할 수 있는 통신
- 속도가 느린 편( UDP에 비해서 )
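- MTU( Maximum Transmission Unit ): 1500byte (이더넷 프레임에 실리는 IP 패킷의 최대 크기. TCP 데이터의 최대 크기인 MSS( Maximum Segment Size )는 IP/TCP 헤더 40byte를 뺀 1460byte)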
0000 ce 41 소스 포트 번호
00 50 도착지 포트 번호
4d 04 a7 7d 시퀀스 넘버
00 00 00 00 애크놀로지 넘버
80 헤더의 크기 (가변적, 헤더 자체의 길이) 4비트씩 나눠서 계산: 상위 4비트 값 8 × 4byte = 32byte (기본 헤더 20byte + 옵션 12byte)
02 플래그
ff ff window size(이 정도의 사이즈까지 허용할수 있음)
0010 7f ec 체크섬
00 00 최소크기를 맞추기 위한 더미데이터 (TCP 헤더 형식상 이 2바이트는 urgent pointer 필드이며, URG 플래그가 꺼져 있으므로 0)
02 04 05 b4 01 03 03 01 01 01 04 02
session -> 3-way handshake
3-way handshake
0000 50 6a 03 af 2a 98 90 9f 33 ec d2 ac 08 00 45 00
0010 00 34 3d e9 40 00 80 06 90 c3 c0 a8 0f 10 7d d1
0020 de 8d ce 41 00 50 4d 04 a7 7d 00 00 00 00 80 02
0030 ff ff 7f ec 00 00 02 04 05 b4 01 03 03 01 01 01
0040 04 02
client(51589) server(80)
isn: 0xbff6788e isn: 0xfe6c0c0a
---------------------------------------------->
flag: syn
seq : 0x4d04a77d
ack : 0x00000000
<----------------------------------------------
flag: syn, ack
seq : 0x62fc5cee
ack : 0x4d04a77e
---------------------------------------------->
flag: ack
seq : 0x4f04a77e (오타로 보임: 서버가 보낸 ack 값 0x4d04a77e와 같아야 하며, 이어지는 HTTP get의 seq도 0x4d04a77e)
ack : 0x62fc5cef
----------------------------------------------------------------------------------------
HTTP get
---------------------------------------------->
flag: psh, ack
seq : 0x4d04a77e
ack : 0x62fc5cef
total len: 667 ip + tcp + http
http len : 627 http
HTTP Response( TCP Segment)
<----------------------------------------------
flag: 0x62fc5cef ack
seq : 0x62fc5cef ack 필드
ack : 0x4d04a9f1 seq + http len
total len : 1500byte
data : 1460byte
TCP Segment
<----------------------------------------------
flag: 0x4d04a9f1 ack
seq : 0x62fc62a3 seq + http len (이전 세그먼트의 seq 0x62fc5cef + data 1460byte)
ack : 0x4d04a9f1 ack
....
------------------------------------------------>
flag: ack
seq : ack
ack : seq
TCP Scanning
- stealth scan( half open )
syn ------------->
<---------syn, ack
DDOS
- TCP SYN Flooding
- HTTP GET Flooding
- Slow HTTP Read Attack
- HTTP Slowloris Attack
- HTTP Slow attack
50 6a 03 af 2a 98 08 00 27 25 5d 35 08 00 45 00
00 28 12 34 40 00 80 06 48 0b c0 a8 0f 8c c0 a8
0f b4 d1 ef 00 16 83 e6 05 f2 00 00 00 00 50 02
ff ff b3 73 00 00
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <net/ethernet.h>
#include <arpa/inet.h>
/*
 * Ethernet II frame header exactly as it appears on the wire.
 * Packed so that the struct can be memcpy'd straight into the outgoing
 * frame buffer without compiler-inserted padding.
 */
struct eth_header {
    unsigned char dst[6];   /* destination MAC address */
    unsigned char src[6];   /* source MAC address */
    unsigned short type;    /* EtherType in network byte order; main() stores htons(0x0800) (IPv4) */
} __attribute__((packed));
/*
 * IPv4 header without options, laid out for direct copying into a frame.
 *
 * NOTE(review): hlen is declared before ver so that, with GCC's bit-field
 * allocation on little-endian targets, the version lands in the high nibble
 * of the first byte. Bit-field order is implementation-defined, so this
 * layout should be re-checked before building for a big-endian target.
 */
struct ip_header{
    unsigned char hlen:4;   /* header length in 32-bit words; main() stores sizeof(ip) >> 2 */
    unsigned char ver:4;    /* IP version; main() stores 4 */
    unsigned char service;  /* type-of-service byte */
    unsigned short total;   /* total length (IP header + payload), network byte order */
    unsigned short id;      /* identification field, network byte order */
    unsigned char flag;     /* first byte of the flags/fragment-offset field; main() stores 0x40 (don't fragment) */
    unsigned char offset;   /* second byte of the flags/fragment-offset field */
    unsigned char ttl;      /* time to live */
    unsigned char type;     /* upper-layer protocol number; main() stores 0x06 (TCP) */
    unsigned short chk;     /* header checksum, filled in from csum() */
    unsigned int src;       /* source IPv4 address as returned by inet_addr() */
    unsigned int dst;       /* destination IPv4 address as returned by inet_addr() */
} __attribute__((packed));
/*
 * TCP header without options, laid out for direct copying into a frame.
 *
 * NOTE(review): reserve is declared before length so that, with GCC's
 * bit-field allocation on little-endian targets, the header length lands in
 * the high nibble of the byte. Bit-field order is implementation-defined, so
 * re-check this before building for a big-endian target.
 */
struct tcp_header {
    unsigned short src_port;    /* source port, network byte order */
    unsigned short dst_port;    /* destination port, network byte order */
    unsigned char seq[4];       /* sequence number, stored byte by byte in wire order */
    unsigned char ack[4];       /* acknowledgment number, stored byte by byte in wire order */
    unsigned char reserve:4;    /* reserved bits; main() stores 0 */
    unsigned char length:4;     /* header length in 32-bit words; main() stores sizeof(tcp) >> 2 */
    unsigned char flag;         /* control flags; main() stores 0x02 (SYN) */
    unsigned short window;      /* advertised receive window, network byte order */
    unsigned short chksum;      /* checksum over pseudo header + TCP header, filled in from csum() */
    unsigned short dummy;       /* last two bytes of the fixed header (the urgent-pointer position); main() stores 0 */
} __attribute__((packed));
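/*
 * TCP pseudo header followed by a copy of the TCP header. It never goes on
 * the wire; it exists only as the input buffer for the TCP checksum.
 *
 * The pseudo-header part is 12 bytes: source address, destination address,
 * a zero byte, the protocol number and the TCP length.
 *
 * src and dst are 32-bit values, matching ip_header's src/dst. They were
 * previously `unsigned long int`, which is 8 bytes on LP64 targets and
 * stretched the layout past 12 bytes; the checksum only came out right
 * because the extra bytes happened to be zero.
 */
struct pseudo_header {
    unsigned int src;           /* source IPv4 address, copied from ip_header.src */
    unsigned int dst;           /* destination IPv4 address, copied from ip_header.dst */
    unsigned char zero;         /* always 0 */
    unsigned char protocol;     /* protocol number; main() stores 0x06 (TCP) */
    unsigned short length;      /* TCP header + data length, network byte order */
    struct tcp_header tcp;      /* copy of the TCP header with chksum still 0 */
} __attribute__((packed));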
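/*
 * Internet checksum: the 16-bit ones' complement of the ones' complement
 * sum of the buffer.
 *
 * buf    - start of the data to sum. Callers pass the address of a packed
 *          header struct, so the bytes are fetched with memcpy instead of
 *          dereferencing an unsigned short pointer that may be misaligned.
 * nwords - despite the name, the buffer length in BYTES (callers pass
 *          sizeof(header)); the loop consumes two bytes per iteration.
 *          A trailing odd byte is summed as the first byte of a
 *          zero-padded 16-bit word.
 *
 * Returns the complemented sum. Words are summed in memory order, so the
 * result can be stored into the checksum field as-is, without htons().
 */
unsigned short csum ( unsigned short *buf, int nwords )
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned long sum = 0;
    unsigned short word;

    while( nwords > 1 ) {
        memcpy( &word, p, sizeof( word ) );
        sum += word;
        p += sizeof( word );
        nwords -= 2;
    }

    if( nwords == 1 ) {
        /* odd trailing byte: pad with a zero byte on the right */
        word = 0;
        memcpy( &word, p, 1 );
        sum += word;
    }

    /* fold the carries back into the low 16 bits (twice, in case the first fold carries) */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);

    return (unsigned short)~sum;
}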
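/*
 * Builds one Ethernet + IPv4 + TCP frame by hand and transmits it once
 * through a PF_PACKET raw socket on interface "enp0s3".
 *
 * Every address, port and sequence number is a fixed lab value. The TCP
 * header is the bare 20 bytes with only the SYN bit set (flag 0x02), i.e.
 * the first packet of a 3-way handshake. The frame is hex-dumped to stdout
 * before sending so it can be compared byte for byte with a capture; the
 * constant IP id (0x1234) and sequence number make it easy to pick out
 * there.
 *
 * Opening a PF_PACKET socket normally requires root or CAP_NET_RAW.
 *
 * Returns 0 once the frame has been handed to the kernel, 1 if creating the
 * socket, resolving the interface or sending fails.
 */
int main(int argc, char *argv[])
{
    int sock;
    unsigned int ifindex;
    size_t i;
    struct sockaddr_ll sll;
    struct eth_header eth;
    struct ip_header ip;
    struct tcp_header tcp;
    struct pseudo_header pseudo;
    unsigned char data[sizeof( eth ) + sizeof( ip ) + sizeof( tcp )] = {0,};

    (void)argc;
    (void)argv;

    //create socket
    sock = socket(PF_PACKET, SOCK_RAW, 0);
    if( sock < 0 ) {
        perror("socket");
        return 1;
    }

    // if_nametoindex() returns 0 when the interface does not exist
    ifindex = if_nametoindex("enp0s3");
    if( ifindex == 0 ) {
        perror("if_nametoindex");
        close(sock);
        return 1;
    }

    //socket struct: zero it first so the fields not set below are not
    //passed to the kernel as uninitialized stack bytes
    memset( &sll, 0, sizeof( sll ) );
    sll.sll_family = PF_PACKET;
    sll.sll_ifindex = (int)ifindex;
    sll.sll_halen = 6;

    //ether header
    //target mac address
    eth.dst[0] = 0x50;
    eth.dst[1] = 0x6a;
    eth.dst[2] = 0x03;
    eth.dst[3] = 0xaf;
    eth.dst[4] = 0x2a;
    eth.dst[5] = 0x98;
    //src mac address
    eth.src[0] = 0x08;
    eth.src[1] = 0x00;
    eth.src[2] = 0x27;
    eth.src[3] = 0x25;
    eth.src[4] = 0x5d;
    eth.src[5] = 0x35;
    //type
    eth.type = htons(0x0800);

    // link-layer destination for sendto(), same as the frame's dst MAC
    memcpy( sll.sll_addr, eth.dst, sizeof( eth.dst ) );

    //ip header
    //ver_len
    ip.ver = 0x4;
    ip.hlen = sizeof( ip ) >> 2;
    //service
    ip.service = 0x00;
    //total
    ip.total = htons( sizeof( ip ) + sizeof( tcp ));
    //id
    ip.id = htons( 0x1234 );
    //flag & offset
    ip.flag = 0x40;
    ip.offset = 0x00;
    //ttl
    ip.ttl = 0x80;
    //type
    ip.type = 0x06;
    //chk: must be zero while the header checksum is computed
    ip.chk = 0x0000;
    //src ip
    ip.src = inet_addr("192.168.15.140");
    //dst ip
    ip.dst = inet_addr("192.168.15.180");
    ip.chk = csum( (unsigned short *)&ip, sizeof( ip ) );

    //tcp header
    //src port
    tcp.src_port = htons(0xd1ef);
    //dst port
    tcp.dst_port = htons(0x0016);
    //seq number
    tcp.seq[0] = 0x83;
    tcp.seq[1] = 0xe6;
    tcp.seq[2] = 0x05;
    tcp.seq[3] = 0xf2;
    //ack number
    tcp.ack[0] = 0x00;
    tcp.ack[1] = 0x00;
    tcp.ack[2] = 0x00;
    tcp.ack[3] = 0x00;
    //header length
    tcp.length = sizeof(tcp)>>2;
    tcp.reserve = 0x00;
    //flag
    tcp.flag = 0x02;
    //window
    tcp.window = htons(0xffff);
    //chksum: must be zero while the TCP checksum is computed
    tcp.chksum = 0x0000;
    //dummy
    tcp.dummy = 0x0000;

    //the TCP checksum covers the pseudo header plus the TCP header
    pseudo.src = ip.src;
    pseudo.dst = ip.dst;
    pseudo.zero = 0;
    pseudo.protocol = 0x06;
    pseudo.length = htons(sizeof(tcp));
    memcpy( &pseudo.tcp, &tcp, sizeof(tcp));
    tcp.chksum = csum((unsigned short *)&pseudo, sizeof(pseudo));

    //assemble the frame: ethernet | ip | tcp
    memcpy( data, &eth, sizeof( eth ) );
    memcpy( data + sizeof( eth ), &ip, sizeof( ip ) );
    memcpy( data + sizeof( eth ) + sizeof( ip ), &tcp, sizeof( tcp ) );

    //hex dump, 16 bytes per line
    for( i = 0; i < sizeof( data ); i++){
        if( i != 0 && i % 16 ==0 ){ printf("\n"); }
        printf("%02x ", data[i]);
    }
    printf("\n");

    //send
    if( sendto(sock, data, sizeof(data), 0, (struct sockaddr *)&sll, sizeof(sll)) < 0 ) {
        perror("sendto");
        close(sock);
        return 1;
    }

    close(sock);
    return 0;
}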