跳到主要內容

臺灣博碩士論文加值系統

(18.97.9.173) 您好!臺灣時間:2025/01/17 02:37
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:余建威
研究生(外文):Chien-wei Yu
論文名稱:不安全的無線網路服務中間人攻擊(MITM)解決方案分析
論文名稱(外文):MITM Attacks on Unsecured Wireless Network Service Solutions Analysis
指導教授:危永中危永中引用關係
指導教授(外文):Yung-chung Wei
學位類別:碩士
校院名稱:義守大學
系所名稱:資訊管理學系碩士班
學門:電算機學門
學類:電算機一般學類
論文種類:學術論文
論文出版年:2009
畢業學年度:97
語文別:中文
論文頁數:91
中文關鍵詞:非法存取點中間人攻擊無線網路安全
外文關鍵詞:RAP(rogue access point)Wireless SecurityMITM(Man-in-the-Middle)
相關次數:
  • 被引用被引用:0
  • 點閱點閱:1615
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
隨著無線網路規模的成長與普及,更多人有隨時隨地存取網路的需求,伴隨而來的無線網路安全性問題將成為熱門且重要的議題。在這些無線網路存取的需求地點,不外乎在公開的場合,例如:機場、餐廳、圖書館等,這些場合為了提供簡易的無線上網服務,通常犧牲了無線網路安全。導致快速與方便使用這些熱點(hot spot)的無線網路,同時也造成了更多有心人士的攻擊機會。更多的中間人(Man-in-the-Middle, MITM) 針對這些服務據點進行偽裝攻擊與欺騙攻擊,低安全性導致攻擊範圍擴及AP(Access Point)、DHCP(Dynamical Host Configuration Protocol)服務、DNS(Domain Name System)服務等。不同於DoS(Denial of Service)攻擊純粹癱瘓網路服務,駭客透過這些偽裝攻擊,可以輕易的在使用者尚未察覺情況下,擷取個人資訊、隱私資料,甚至進行網路釣魚,對無線網路安全造成極大的威脅與影響。
本篇論文將透過實際實驗,探討駭客如何真實的在無線網路環境發動偽裝攻擊,探討Rogue AP、Unauthorized DHCP、DNS Redirection等偽裝與欺騙攻擊方式。最後提供給頻繁使用無線網路熱點的使用者一些檢查的技術與防範方法;並且提供無線網路管理者在部署無線網路環境一些建議與參考。
In recent tears there has been an increasing focus on the security of wireless network because more and more people demand to access to the wireless network in anytime and anywhere. However, the following issues make wireless network security become a popular and significant topic. People can use these hot spots of the wireless network rapidly and easily. The easy deployment of wireless access points in public area, such as airports, restaurants, libraries, etc provided basic wireless Internet access service, but usually sacrifice the wireless security. Moreover, this service also gives more opportunities for hackers to attack at the same time. One of the attack schemes named MITM(Man-in-the-middle) takes advantage of fake attack and spoofing to attack the unsecured access points is discussed in this thesis. The low security access point results in MITM attack by a series of service such as AP (Access Point), DHCP (Dynamical Host Configuration Protocol) services, DNS (Domain Name System) services are carefully studied by theoretically and experimentally. Different from DoS(Denial of Service) attack that directly disconnect network service, network hacks use fake attacks to capture personal information and message within the wireless network unconsciously. Moreover, they may apply Phishing and cause serious privacy threat and effect in the wireless network.
This thesis develops a series of experiments to explore how the attack hacks behavior in the wireless network. The effects and solutions of rouge AP, unauthorized DHCP, DNS redirection and other attack ways will be discussed. Finally the safety solutions and recommendations supporting some preventable skills for frequent using hot spot users are given.
誌謝I
中文摘要II
AbstractIII
目錄V
表目錄VII
圖目錄VIII
第一章 緒論1
1.1 研究背景與動機1
1.2 研究目的與方法3
1.3 研究流程與實驗3
1.4 論文研究發表歷程4
第二章 文獻探討6
2.1 無線網路安全性概觀6
2.1.1 無線網路簡介6
2.1.2 偵測與監測無線網路區域6
2.1.3 無線網路的中間人攻擊7
2.1.4 邪惡雙星攻擊7
2.1.5 無線網路攻擊的種類與影響8
2.1.6 RAP的種類9
2.2 無線網路中間人攻擊解決方案回顧10
2.2.1 媒體存取控制位址過濾10
2.2.2 Wi-Fi保護存取10
2.2.3 偽裝的無線網路存取點偵測11
2.2.4 虛擬私人網路12
2.2.5 無線網路定位與鎮壓13
2.3 動態主機組態通訊協定16
2.3.1 背景與運作16
2.3.2 相關文件與研究17
2.4 網域名稱系統19
2.4.1 背景與運作19
2.4.2 相關文件與研究22
2.5 路由與其他相關研究23
2.5.1 網路設定與IP位址23
2.5.2 路由資訊協定運作24
2.5.3 網路位址轉換運作25
2.5.4 網路釣魚25
第三章 實驗設計26
3.1 實驗架構26
3.2 實驗流程26
3.2.1 實驗一模式一:RAP Outside27
3.2.2 實驗一模式二:RAP Inside27
3.2.3 實驗二模式一:DNS Redirection28
3.2.4 實驗二模式二:Phishing Site29
3.3 實驗環境30
3.3.1 實驗硬體與服務30
3.3.2 封包擷取軟體31
第四章 實驗結果32
4.1 實驗攻擊結果分析討論32
4.1.1 驗一模式一:RAP Outside32
4.1.2 驗一模式二:RAP Inside34
4.1.3 驗二模式一:DNS Redirection36
4.1.4 實驗二模式二:Phishing Site37
4.2 實驗防禦結果分析與討論39
4.2.1 HTTPs與SSH39
4.2.2 Third-part DNS43
4.2.3 VPN44
4.3 實驗限制與結果整理59
4.3.1 實驗限制59
4.3.2 結果整理59
第五章 結論60
5.1 解決方案60
5.1.1 無線網路熱點使用者防禦60
5.1.2 無線網路管理者管理策略60
5.2 研究限制與未來研究61
附錄A. 專有名詞中英文縮寫與全名一覽表67
附錄B. 校園宿舍網路管理規範與使用者行為探討69
附錄C. 不安全的無線網路服務MITM攻擊解決方案73
附錄D. Windows XP Profession VPN Server Setting78
表目錄
表2-1 WLAN攻擊與減輕機制9
表2-2 Wireless MITM attack Solutions Review Table15
表2-3 About DHCP RFCs18
表2-4 About DNS RFCs22
表2-5 IP設定相關資訊24
表3-1 測試工具軟硬體規格表30
表4-1 Authentication Method and Protocol48
表4-2 IPSec Policies Work Together54
表4-3 Authentication Method and Encryption57
表4-4 攻擊與防禦成效59
圖目錄
圖2.1 Wireless MITM attacks on unsecured wireless network7
圖2.2 VPN IP-in-IP封裝方式12
圖2.3 VPN運作通道示意圖13
圖2.4 DHCP運作流程示意圖16
圖2.5 Host Name Resolution Process20
圖2.6 DNS完整查詢運作示意圖21
圖2.7 DNS查詢的優先次序21
圖3.1 實驗基礎設定架構26
圖3.2 Experiment 1 - Model 1 Unauthorized / Rogue AP Outside27
圖3.4 Experiment 2 - Model 1 Fake / Spoofing DNS Redirection on wireless network28
圖3.5 Experiment 2 - Model 2 Fake / Spoofing DNS Redirection on wireless network and Phishing Site29
圖3.6 攻擊種類與防禦種類30
圖3.7 Wireshark Interface31
圖4.1 實驗RAP未更改SSID站台搜尋結果33
圖4.2 實驗RAP更改SSID站台搜尋結果33
圖4.3 Telnet TCP Stream Decode34
圖4.4 FTP Packet Capture35
圖4.5 FTP Account and Password Detail35
圖4.6 DNS Redirection Setting36
圖4.7 DHL Web Phishing37
圖4.8 義守大學應用資訊系統重導38
圖4.9 Gmail on https39
圖4.10 Gmail https Options39
圖4.11 Https packet capture41
圖4.12 SSH packet capture41
圖4.13 Third-part DNS Setting43
圖4.14 VPN連線基本設定圖44
圖4.15 VPN 連線類型選擇45
圖4.16 VPN Server架設46
圖4.17 PPTP用戶端連線詳細資料46
圖4.18 PPTP Packet Capture47
圖4.19 Server Encryption Policy Options47
圖4.20 PAP Packet Capture49
圖4.21 IPSec Secures Traffic Operation51
圖4.22 IPSec Packet Capture52
圖4.23 檢視ISAKMP封包資訊53
圖4.24 VPN Server IP Security Policies Setting55
圖4.25 VPN 進階選項55
圖4.26 L2TP IPSec VPN連線詳細資料56
圖4.27 VPN連線錯誤57
一、中文部份
[1]友訊(D-Link)技術團隊,文魁資訊,無線區域網路技術白皮書,2005,ISBN:986-125-599-0, pp.6-8 - 6-10
[2]財團法人資訊工業策進會,經濟部技術處,全球新興「無線城市」發展現況分析,經濟部技術處產業技術知識服務計畫,ISBN:978-957-581-384-0
[3]梁德馨 教授, TWNIC, “九十七年度台灣無線網路使用調查報告”, 全國意向顧問股份有限公司
二、英文部份
[1]A. Adya, V. Bahl, R. Chandra, and L. Qiu, “Architecture and Techniques for Diagnosing Faults”, ACM Mobicom, Sept. 2004.
[2]Amran Ahmad, Suhaidi Hassan, “Detecting Rogue Access Point (RAP) using Simple Network Management Protocol (SNMP)”, International Conference on Network Applications, Protocols and Services 2008
[3]Bryan Pfaffenberger, Worldwide, Inc., Webster''s New World Dictionary of Computer Terms Eighth Edition, 957-40-0258-6
[4]Cisco Press, Cisco Systems, Inc., Cisco Networking Academy Program HP IT Essential 1: PC Hardware and Software Companion Guide Second Edition, 986-154-036-9
[5]Cricket Liu and Paul Albitz. Copyright 2006 O’Relly Media, Inc., DNS and BIND, Fifth Edition, 0-596-10057-4.
[6]Diane Teare, Cisco Press, Cisco Systems, Inc., Designing Cisco Networks, 1st Edition, 986-7790-80-4
[7]Dino Schweitzer, Wayne Brown, ”Using Visualization to Locate Rogue Access Points”, 2007 Journal of Computing Sciences in Colleges, pp.134.140
[8]Douglas E. Comer, Pearson, TCP/IP Principles, Protocols, and Architecture, 5e
[9]Godber, A., Dasgupta, P., “Countering rogues in wireless networks”, Parallel Processing Workshops, 2003, Proceedings. 2003 International Conference on, pp.425 – 431
[10]Graig Hunt. Copyright 1999 O’Relly Media, Inc., TCP/IP Network Administration, 2e, 957-8247-40-0.
[11]Hongda Yin, Guanling Chen, Jie Wang, “Detecting protected layer-3 rogue APs”, Broadband Communications, Networks and Systems, 2007. BROADNETS 2007. Fourth International Conference on, pp.449-458
[12]Hyunuk Hwang, Gyeok Jung, Kiwook Sohn, Sangseo Park, “A Study on MITM (Man in the Middle) Vulnerability in Wireless Network Using 802.1X and EAP”, Information Science and Security, 2008. ICISS. International Conference on, pp.164 – 170
[13]Joel Scambray and George Kurtz, McGraw-Hill Companies, Inc., Hacking Exposed, Fifth Edition – Network Security Secrets & Solutions, 0-07-226081-5
[14]Liran Ma, Amin Y. Teymorian, Xiuzhen Cheng, “RAP: Protecting Commodity Wi-Fi Networks from Rogue Access Points”, Proceedings of Qshine, 2007.
[15]Mattbew S. Gast. Copyright 2006 O’Relly Media, Inc.,802.11 Wireless Networks: The Definitive Guide, 2e, 986-7794-72-9.
[16]Microsoft Inc., Implementing a Microsoft Windows Server 2003 Network Infrastructure: Network Hosts Workbook, Microsoft Training & Certification
[17]Microsoft Inc., Implementing, Management, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Workbook, Microsoft Training & Certification
[18]Mudhakar Srivatse, IBM T.J., Watson Research Center, “Who is Listening? Security in Wireless Networks”, Signal Processing, Communications and Networking, 2008. ICSCN ''08. International Conference on, pp.167.172
[19]P.Bahl, R. Chandra, J. Padhye, L. Ravindranath, M Singh, A. Wolman, and B. Zill, “Enhancing the Security of Corporate Wi-Fi Networks Using DAIR”, ACM MobiSys, 2006.
[20]Raheem Beyah, Shantanu Kangude, George Yu, Brian Strickland, and John Copeland, “Rogue Access Point Detection using Temporal Traffic Characteristics”, IEEE GLOBECOM, 2004.
[21]Roberta Bragg, Mark Rhodes-Ousley, Kenith Strassberg, McGraw-Hill Companies, Inc., Networking Security: The Complete Reference, 957-493-992-8
[22]Rolf Oppiger, Ralf Hauser, David Basin, “SSL/TLS Session-Aware User Authentication”, 2008 IEEE Computer Society, pp.59-65
[23]Wei Wei, Kyoungwon Suh, Bing Wang, Yu Gu, Jim Kurose, Don Towsley, “Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs”, Internet Measurement Conference, Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, pp.365-378
三、網站部份
[1]American Banker Security Watch, http://www.americanbanker.com/security-watch.html
[2]Bruce Schneier., Mudgo., “Cryptanalysis of Microsoft''s Point-to-Point Tunneling Protocol (PPTP)” http://www.schneier.com/paper-pptp.html
[3]Bruce Schneier., Mudgo., David Wagner.(UC Berkeley), “Cryptanalysis of Microsoft''s PPTP Authentication Extensions (MS-CHAPv2)” , http://www.schneier.com/paper-pptpv2.html
[4]CERT/CC (Computer Emergency Resource Team / Coordination Center). http://www.cert.org
[5]CERT/CC, “Over-Confidence is Pervasive Amongst Security Professionals”
[6]Cisco Systems, http://www.cisco.com.tw
[7]eTForecasts. http://www.etforecasts.com
[8]FCC (Federal Communications Commission). http://www.fcc.gov
[9]IETF (Internet Engineering Task Force). http://www.ietf.org
[10]Internet World Stats. http://www.internetworldstats.com
[11]Microsoft TechNet http://technet.microsoft.com/zh-tw/default.aspx
[12]OpenDNS http://www.opendns.com
[13]Paul Moceri., Troy Ruths., “Cafe Crack: Attacks on Unsecured Wireless Networks”, Washington University, http://www.cse.wustl.edu/~jain/cse571-07/ftp/cafecrack
[14]RFCs (Request for Comments). http://www.rfc-editor.org
[15]TWCERT/CC (Taiwan Computer Emergency Resource Team / Coordination Center). http://www.cert.org.tw
[16]TWNIC (Taiwan Network Information Center). http://www.twnic.net.tw
[17]Wi-Fi Alliance. http://www.wi-fi.org
[18]Wireshark http://www.wireshark.org
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top