Fools your enemy with Mikrotik
BY: DIDIET KUSUMADIHARDJA
MIKROTIK USER MEETING (MUM) 2016
JAKARTA, INDONESIA 14 OCTOBER 2016
Didiet Kusumadihardja - [email protected]
About Me
Didiet Kusumadihardja
1. IT Security Specialist, PT. Mitra Solusi Telematika
2. Trainer & IT Consultant, Arch Networks
MTCNA, MTCINE, MTCWE, MTCUME, MTCTCE, MTCRE
PT. Mitra Solusi Telematika
Gedung TMT 2. GF
Jl. Cilandak KKO
Jakarta
Global IT Security Incident 2015
Hacked for 3 years (2012 – 2015)
Global IT Security Incident 2016
500 million accounts
3 billion accounts ???
Source: Tech Times
Indonesia IT Security Incident 2013
polri.go.id, 2013
Deface
Motive: Fame?
Indonesia IT Security Incident 2016
Teman Ahok
DDoS Attack
Motive: Politics?
Indonesia IT Security Incident 2016
Videotron
Kebayoran Baru, Jakarta Selatan
Motive: Curiosity?
Source: Carnegie Mellon University
IT Security Trends
You don't need to be smart to hack
Source: SCMagazine
Modern Business
Cybercrime as a Service (CaaS)
Hacking Phase
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Source: Ethical Hacking by EC-Council
Hacking Phase (Cont’d)
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Information Gathering
OS Detail
Open Port
Version
Device Type
Application Vulnerability
Exploit Vulnerability
Escalate Privilege
Backdoors
Delete/overwrite Event/Logs
Data harvesting
Hacking Phase Analogy
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
When do we fool them?
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Server Farm Network Example
192.168.1.2 DNS Server
192.168.1.5 Web Server
192.168.1.10 DB Server
192.168.1.15 Mail Server
SERVER X
192.168.1.0/24
Confuse your enemy
192.168.1.1 Fake Server 1
192.168.1.2 DNS Server
192.168.1.3 Fake Server 2
192.168.1.4 Fake Server 3
192.168.1.5 Web Server
192.168.1.6 Fake Server 4
192.168.1.7 Fake Server 5
192.168.1.8 Fake Server 6
192.168.1.9 Fake Server 7
192.168.1.10 DB Server
192.168.1.11 Fake Server 8
192.168.1.12 Fake Server 9
192.168.1.13 Fake Server 10
192.168.1.14 Fake Server 11
192.168.1.15 Mail Server
192.168.1.0/24
Fake Ports at your Web Server
HTTP & HTTPS to Legitimate Server
Other Ports to Fake Server
Simple NAT for Web Server
INTERNET
ROUTER
WEB SERVER 192.168.2.3
Chain Action
NAT (Port Mapping)
10.0.0.1
Add Additional NAT for Bait
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4
Chain Action
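The port mapping from the two NAT slides above (HTTP and HTTPS to the legitimate server, every other port to the bait), written out as RouterOS commands. This is an added example, not configuration from the original slides; it assumes 10.0.0.1 is the router's Internet-facing address, and the `mgmt` address list, its 192.0.2.10 entry and the `BAIT` log prefix are hypothetical.

```routeros
# Added example, not from the original slides.
# Assumptions: 10.0.0.1 is the router's Internet-facing address;
# 192.168.2.3 is the real web server, 192.168.2.4 the honeypot;
# "mgmt", 192.0.2.10 and "BAIT" are hypothetical names/values.

/ip firewall address-list
add list=mgmt address=192.0.2.10 comment="admin workstation (placeholder)"

/ip firewall nat
# 1. Real service: only HTTP and HTTPS reach the legitimate server.
add chain=dstnat dst-address=10.0.0.1 protocol=tcp dst-port=80,443 \
    action=dst-nat to-addresses=192.168.2.3 \
    comment="web: HTTP/HTTPS to legitimate server"

# 2. Exempt management sources. dstnat is evaluated before the input
#    chain, so without this rule the catch-all below would also send
#    Winbox/SSH sessions aimed at the router itself to the honeypot.
add chain=dstnat dst-address=10.0.0.1 src-address-list=mgmt \
    action=accept comment="mgmt: no NAT, handled by input chain"

# 3. Bait: every other port and protocol goes to the honeypot. NAT rules
#    see only the first packet of a connection, so each new connection
#    produces one log entry with a searchable prefix.
add chain=dstnat dst-address=10.0.0.1 action=dst-nat \
    to-addresses=192.168.2.4 log=yes log-prefix="BAIT" \
    comment="bait: everything else to honeypot"
```

RouterOS evaluates NAT rules top to bottom and stops at the first match, so the catch-all rule must stay last. The honeypot host should be filtered so it cannot open connections to the real servers.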
Fake Server at your Server Farm Network
Only one legitimate server
Others are Fake Server
Another Example
Web Server 192.168.2.3
Fake Server (Honey Pot) 192.168.2.4
Chain Action
Combine with Honey Pot
KFSensor
Other honeypots: Honeyd, Kippo, Dionaea, Nepenthes
What the Hacker Sees (SoftPerfect NetScan)
Before After
SoftPerfect Network Scanner
I don’t want to use HoneyPot
Step 1: Chain
Step 2: Action
What we see if someone pings
SRC-MAC ADDRESS
SRC-IP ADDRESS
The Dude, Hotspot & Userman
IP Address MAC Address User ID Person
Use Case 1
Internet Café (WARNET)
University
Office
Insider Threat
Use Case 2
Analytics
For Fun
Learn hacking methods from hackers / script kiddies
Research
http://public.honeynet.id
(Low Interaction Honeypot)
(High Interaction Honeypot)
Thank you..
Question?
DIDIET KUSUMADIHARDJA
[email protected]://didiet.arch.web.id/
https://www.facebook.com/ArchNetID/