Presentation is loading. Please wait.

Presentation is loading. Please wait.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Published byJaiden Bloodworth Modified over 10 years ago

Similar presentations

Presentation on theme: "Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon."— Presentation transcript:

1 Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon Copeland Group 4 Scott McCans Peter Mehravari

2 Outline Password Cracking Network Sniffing Man-in-the-Middle Virtual Private Networks

3 Password Cracking Efficient against weak passwords, takes matter of seconds For strong passwords, large amounts of time and processing power needed Brute force only logical way to break passwords (and luck) Be aware of key loggers

4 Defense – Password Cracking Avoid short common dictionary words apple, sheep, window, etc. Avoid common passwords password, passwd, abc123 Should be long (at least 8 characters) and contain numbers, letters, and symbols

5 Sniffing HTTP and FTP easy to sniff, not a secure connection SSH uses a secure connection, sniffed packets unreadable Easy to sniff TCP sessions using Ethereal or similar applications

6 Defense – Sniffing Detecting Sniffers Check local host by running ifconfig, if RUNNING PROMISC machine is in promiscuous mode (which usually indicates a sniffer) Utilities such as ARPwatch, monitor ARP caches to look for duplicates Intrusion Detection Systems which monitor ARP spoofing on a network Sniffing is very hard to detect usually until too late Sumit Dhar, Sniffers Basics and Detection, http://www.rootshell.be/~dhar/downloads/Sniffers.pdf,, dharvsnl@yahoo.com

7 Defense – Sniffing Prevention Use encryption programs for all Internet traffic Secure Socket Layers Transport Layer Security Secure Shell (SSH) Tunnel Use switch networks instead of Hubs, packets not visible at every node of network Anti-sniffing tools: Anti Sniff, Neped, Snort

8 Man-in-the-Middle: How it Works Application (Ettercap) sends out ARP messages with wrong MAC address Causes traffic to go through third party host Sender/Receiver don't know about the third party

9 Man-in-the-Middle: Threats Acts as a sniffer Can drop traffic for specific ports Can hijack existing connections

10 Defense – Man in the Middle Detection Traceroute for extra hops most likely will not work Different ARP responses from one computer Increase in RTT of packets possible?

11 Defense – Man in the Middle Prevention Manually enter ARP entries Firewall to prevent initial setup of Man in the Middle

12 Virtual Private Networks (VPN) Uses key to create secure connection All traffic between VPN hosts is secure Allows secure use of insecure protocols Hosts appear to be on same subnet

13 Defense – VPN Use secure method to transfer keys Check for man-in-the-middle

Download ppt "Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon."

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Man in the Middle Attack

Man in the Middle Attack
ARP Spoofing.

ARP Spoofing.
ARP Caching Christopher Avilla. What is ARP all about? Background Packet Structure Probe Announcement Inverse and Reverse Proxy Tools Poisoning MAC Flooding.

ARP Caching Christopher Avilla. What is ARP all about? Background Packet Structure Probe Announcement Inverse and Reverse Proxy Tools Poisoning MAC Flooding.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
ITIS 6167/8167: Network and Information Security Weichao Wang.

ITIS 6167/8167: Network and Information Security Weichao Wang.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Network Architecture:

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Network Architecture:
Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.

Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Similar presentations

Ads by Google