臺灣博碩士論文加值系統

如今資訊科技在我們生活中愈來愈普遍。隨著資訊科技快速成長，我們
必須面對資訊安全損失的風險。監聽攻擊（或稱為網路監聽）是目前最普遍
的攻擊方式，監聽攻擊基於監聽設備竊聽薄弱訊息的一種攻擊方式。監聽攻
擊不容易被辨識與抵抗，特別是攻擊者在自身區域網路中執行攻擊程式竊聽
整個區域網路之重要資訊如帳號、密碼。除此之外，嗅探器為網路管理者監
控和維護網路強而有力的工具。
在本論文中，我們將會介紹監聽攻擊與線上竊聽資訊工具之原理和技術。
我們將會瞭解執行攻擊的機制並找出檢測與防禦此攻擊之方法。第一部份中，
我們將概述嗅探及執行嗅探攻擊時可以被嗅探器利用的 OSI 模型中的協定。
在第二部分中，將介紹監聽攻擊之工具，並利用這些工具撰寫小型攻擊程式
碼。我們還介紹一些形式的攻擊是嗅探。在第三部分中，我們構建了測試場
景並建議了嗅探攻擊檢測和預防方法。在本研究中，您可以找到合適的方法
來檢測和防止嗅探攻擊中的信息。

Today, information technology is more and more common in our life. Along
with its strong growth, we face the risk of loss of information safety. Sniffing
attack (as knowing as Eavesdropping attacks) is a common form of attack today.
Sniffing is a form of attack based on tools to eavesdrop on weak information.
Sniffing attack is hardly to recognize and against, especially when attacker belong
to your Local Area Network and run attack programs to Sniff important
information such as ID, password in the whole LAN. Besides that Sniffer is also a
powerful tool for network administrators to monitor and maintain your network.
In our thesis, we will go to research about the principles and techniques of
Sniffing attacks and tools of wiretapping information online. Then, we will
understand the mechanisms of implementation attacks to find out the methods to
detect and prevent this kind of attack. In the first part, we will bring an overview of
Sniffing, Sniffing operation method as well as protocols in the layers of the OSI
model that can be exploited by Sniffer. The second part will introduce some tools
for Sniffing and create some small attack scripts that use those tools. We also
introduce some form of attacks are Sniffing. In the third section, we built test
scenarios and recommended Sniffing attack detection and prevention methods. Youii
can find suitable methods to detect and prevent your information from Sniffing
attacks in this research.

摘要.............................................................................................................................i
Abstract ......................................................................................................................ii
Acknowledgements ...................................................................................................iv
Table of Contents .......................................................................................................v
List of Tables...........................................................................................................viii
List of Figures ...........................................................................................................ix
Chapter 1 INTRODUCTION.....................................................................................1
1.1 Some concepts about Sniffing .......................................................................2
1.2 Operation method of the Sniffers ..................................................................4
1.2.1 Passive Sniffing....................................................................................4
1.2.2 Active Sniffing.....................................................................................5
1.3 The protocols in the OSI model can be exploited by Sniffers ......................8
1.3.1 Telnet & Rlogin..................................................................................10
1.3.2 HTTP..................................................................................................11
1.3.3 SMTP .................................................................................................11
1.3.4 NNTP .................................................................................................12
1.3.5 POP.....................................................................................................12
1.3.6 FTP.....................................................................................................13
1.3.7 IMAP..................................................................................................15
Chapter 2 LEARN SOME SNIFFING TECHNICQUES........................................17
2.1 Some tools used for Sniffing .......................................................................17
2.1.1 TcpDump.................................................................................................17
2.1.2 EtherFlood...............................................................................................20
2.1.3 DSniff......................................................................................................21
2.2 Learn some Sniffing attacks ........................................................................25
2.2.1 ARP Poisoning ........................................................................................25
2.2.2. MAC Attack ...........................................................................................29
2.2.3 DNS Poisoning........................................................................................32vi
2.2.4. DHCP Attack..........................................................................................36
2.2.5. Spoofing Attack......................................................................................42
Chapter 3 EXPERIMENTS AND RESULTS .........................................................44
3.1 Use TcpDump to steal FTP password...........................................................44
3.1.1 Network model........................................................................................44
3.1.2 Attack script step by step ........................................................................45
3.1.3 Result summary.......................................................................................49
3.2 Use EtherFlood to conduct flooding ..............................................................49
3.2.1 Model ......................................................................................................49
3.2.2 Attack script step by step ........................................................................50
3.2.3 Result summary.......................................................................................52
3.3 Sniff password by DSniff...............................................................................52
3.3.1 Attack Scenario .......................................................................................52
3.3.2 Attack Process........................................................................................53
3.4 Perform “password stealing” feature in Ettercap...........................................55
3.4.1 Network model........................................................................................55
3.4.2 Attack script step by step ........................................................................57
3.4.3 Result summary.......................................................................................61
Chapter 4 SNIFFING DETECTION AND PREVENTION....................................62
4.1 Suggest solutions for attack script above ....................................................62
4.1.1. Choose attack script to against...............................................................62
4.1.2. Suggested methods of detection and prevention....................................62
4.2 Sniffing detection methods..........................................................................65
4.2.1. Ping method............................................................................................65
4.2.2. The method uses ARP............................................................................66
4.2.3. Method of using DNS ............................................................................66
4.2.4. Source-Route method.............................................................................66
4.2.5. Method of trap (Decoy)..........................................................................67
4.2.6. The method of packet delay (Latency) ..................................................67vii
4.2.7. Use the tool.............................................................................................67
4.3 Sniffing Prevention Methods.......................................................................68
4.3.1. How to prevent data Sniffers..................................................................68
4.3.2. How to block Sniffing passwords ..........................................................68
4.3.3. How to stop Sniffers on hardware devices ............................................69
4.3.4. Assign fixed entries in the ARP cache...................................................69
4.3.5. DNS Poisoning cache.............................................................................70
4.3.6. Proxy Server DNS..................................................................................70
4.3.7. Port Security...........................................................................................70
4.3.8. DHCP Snooping.....................................................................................71
4.3.9. DAI (Dynamic ARP Inspection)............................................................71
4.3.10. IP Source Guard ...................................................................................72
Chapter 5 CONCLUSION .......................................................................................73
5.1 Thesis goal...................................................................................................73
5.2 Limitation and future study .........................................................................73
Reference..................................................................................................................75
Extended Abstract ....................................................................................................78

[1].J. Postel, “TELNET PROTOCOL SPECIFICATION”, RFC-854, May 1983.
[2].B. Kantor, “BSD Rlogin”, RFC-1258, December 1991.
[3].T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.0”, RFC- 1945, May 1996.
[4].R. Fielding, “Hypertext Transfer Protocol -- HTTP/1.1”, RFC-2616, June 1999.
[5].J. Klensin, “Simple Mail Transfer Protocol”, RFC-2821, April 2001.
[6].Brian Kantor, “Network News Transfer Protocol”, RFC-977, February 1986.
[7].J. Myers, “Post Office Protocol - Version 3”, RFC-1939, May 1996.
[8].J. Postel, “FILE TRANSFER PROTOCOL (FTP)”, RFC-959, October 1985.
[9].M. Crispin, “INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1”, RFC-3501, March 2003.
[10].The Tcpdump Group, “tcpdump and libpcap latest release”, https://www.tcpdump.org/, September, 18, 2017.
[11].David C. Plummer, “An Ethernet Address Resolution Protocol or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware”, RFC-826, November 1982.
[12]. Ramachandran, Vivek & Nandi, Sukumar, "Detecting ARP Spoofing: An Active Technique". In Jajodia, Suchil & Mazumdar, Chandan. Information systems security: first international conference, December 19–21, 2005.
[13].Son, Sooel; Shmatikov, Vitaly. "The Hitchhiker's Guide to DNS Cache Poisoning" Cornell University Retrieved, April 3, 2017.
[14].Abdul Nasir Khan, Kalim Qureshi, and Sumair Khan, “An Intelligent Approach of Sniffer Detection”, The International Arab Journal of Information Technology, Vol. 9, No. 1, January 2012.
[15].Pallavi Asrodia , Mr. Vishal Sharma, “Network Monitoring and Analysis by Packet Sniffing Method”, International Journal of Engineering Trends and Technology (IJETT), Volume4 Issue5, May 2013.
[16].Anubhi Kulshrestha, Sanjay Kumar Dubey, “A Literature Review on Sniffing Attacks in Computer Network”, International Journal of Advanced Engineering Research and Science (IJAERS) Vol-1, Issue-2, July 2014.
[17].Inderjit Kaur1 , Harkarandeep Kaur , Er. Gurjot Singh, “Analysing Various Packet Sniffing Tools”, International Journal of Electrical Electronics & Computer Science Engineering Volume 1, Issue 5, October 2014.
[18].Rupam, Atul Verma, Dr, and Ankita Singh. "An Approach to Detect Packets Using Packet Sniffing." International Journal of Computer Science & Engineering Survey 2013.
[19].Asrodia, Pallavi, and Hemlata Patel. "Analysis of Various Packet Sniffing Tools for Network Monitoring and Analysis." International Journal of Electrical, Electronics and Computer Engineering 2012.
[20].Ansari, S., S.g. Rajeev, and H.s. Chandrashekar. "Packet Sniffing: A Brief Introduction." IEEE Potentials 21.5 2002.
[21]."4 Ways to Avoid Packet Sniffing and Data Theft." Hacker Not Cracker. N.p., n.d. Web. Dec. 2015.
[22]."What Is a Packet?" HowStuffWorks. N.p., 30 Nov. 2000. Web. 28 Dec. 2015.
[23]."A Quick Intro to Sniffers: Wireshark/Ethereal, ARPSpoof, Ettercap, ARP Poisoning and Other Niceties." A Quick Intro to Sniffers: Wireshark/Ethereal, ARPSpoof, Ettercap, ARP Poisoning and Other Niceties. IronGeek Web. 28 Dec. 2015.
[24].Sankar, Ravi. "MAC Flooding with MACOF & Some Major Countermeasures." Kali Linux Tutorials. Kali Linux Tutorials, 22 Sept. 2015. Web. 2 Jan. 2016.
[25].Spangler, Ryan. “Packet Sniffing on Layer 2 Switched Local Area Networks” n. pag. Http://www.packetwatch.net/. Web. 2 Jan. 2016.
[26]."Layer 2 Security Features on Cisco Catalyst Layer 3 Fixed Configuration Switches Configuration Example." Cisco. Cisco, 17 Jan. 2007. Web. 3 Jan. 2016.
[27].Shail Shah, Akshit Shah, Sahil Shah, Shivani Bhattcharjee, “Intrusion Detection using Packet Sniffer”, International Journal of Electronics, Electrical and Computational System IJEECS Volume 4, Issue 10 October 2015.
[28].Pallavi Asrodia, Hemlata Patel, “Network traffic analysis using packet sniffer”, International Journal of Engineering Research and Application (IJERA), Vol.2, pp. 854-857, Issue 3, May-June 2012.
[29].Inderjit Kaur, Harkarandeep Kaur, Er. Gurjot Singh,” Analysing Various Packet Sniffing Tools”, International Journal of Electrical Electronics & Computer Science Engineering Volume 1, Issue 5, October 2014).
[30].Otusile Oluwabukola, Awodele Oludele, A.C Ogbonna, Ajeagbu Chigozirim, and Anyeahie Amarachi, “A Packet Sniffer (PSniffer) Application for Network Security in Java”, Issues in Informing Science and Information Technology Volume 10, 2013.
[31].Neha Khandelwal, “Security in Cloud: Attacks & Prevention Techniques”, International Journal of Latest Trends in Engineering and Technology (IJLTET), Vol. 5 Issue 1 January 2015.
[32].Animesh Dubey , Ravindra Gupta , Gajendra Singh, “Survey and Analysis of Client Side Detection of Content Sniffing Attack”, International Journal of Advanced Research in Computer and Communication Engineering Vol. 2, Issue 3, March 2013.
[33].MeeraGandhi, S.K.Srivatsa, “Detecting and preventing attacks using network intrusion detection systems”, International Journal of Computer Science and Security, Volume (2): Issue (1), February 2008.
[34].Harsha Gupta, Prof. Deepak Tomar, Dr. Asif Ullah Khan, “XSS Attack Detection in JSP and PHP: A Meta-Analysis Review”, International Journal of Scientific and Research Publications, Volume 5, Issue 8, August 2015.