Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHAPTER 9 Sniffing.

Published byMaud Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "CHAPTER 9 Sniffing."— Presentation transcript:

1 CHAPTER 9 Sniffing

2 DEFINITION A method by which an attacker can compromise the security of a network in a passive fashion using sniffer. A sniffer is a a tool (a program or wire-tap devices) that plugs into computer networks and eavesdrops on the network traffic. Sniffers have been around for a long time in two forms. Commercial sniffers are used to help maintain networks. Underground sniffers are used to break into computers

3 THINGS TO SNIFF The most important thing typically to sniff is Authentication Information The example of authentication information are usernames and passwords. Following is a sampling of typical protocols on network traffic that are sniffed, especially for passwords. 1. Telnet (Port 23) 2. FTP (Port 21) 3. POP (Port 110) 4. IMAP (Port 143) 5. MNTP (Port 119)

4 THINGS TO SNIFF 6. rlogin (Port 513) 7. X11 (Port 6000+)
8. NFS File Handles 9. SMTP (Port 25) 10. HTTP (Port 80) Windows NT Authentication 1. Plaintext 2. LanManager (LM) 3. NT LanManager

5 SNIFFING TECHNIQUES Switch Tricks ARP Spoofing
There are some advanced sniffing techniques can be used: Switch Tricks Hackers use tricks to find short cuts for gaining unauthorized access to systems. They may use their access for illegal or destructive purposes, or they may simply be testing their own skills to see if they can perform a task. ARP Spoofing ARP Spoofing is a technique used by crackers in order to sniff frames on a switched LAN or stop the traffic on the LAN.

6 SNIFFING TECHNIQUES ARP Flooding Routing Games
The intruder is trying to see what hosts you have active on your network. They are nottrying to deny service to you, just trying to find out what potential targets are available on your network. This is often a precursor to an attack. Be sure you have your network secured properly. Routing Games The routing algorithm that act as an adversary that attempts to intercept data in the network.

7 SNIFFING PROTECTION Password Protection Data Protection
The data-encryption solutions also provide for secure authentication. Examples are SMB/CIFS (Windows) and Kerberos v5 (UNIX). Data Protection SSL SSL (Secure Socket Layers) is built into all popular web browsers and web servers. It allows encrypted web surfing, and is almost always used in e-commerce when users enter their credit card information.

8 SNIFFING PROTECTION Secure Shell (Ssh)
Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. Switching Switching refers to protocols in which messages are divided into packets before they are sent.

9 SNIFFING PROTECTION Configure Local Network
VPNs (Virtual Private Networks) VPNs provide encrypted traffic across the Internet. Configure Local Network Replacing your hub with a switch will provide a simple, yet effective defense against casual sniffing.

10 SNIFFING DETECTION “ping” method ARP method
Most "sniffers" run on normal machines with a normal TCP/IP stack. This means that if you send a request to these machines, they will respond. The trick is to send a request to IP address of the machine, but not to its Ethernet adapter. ARP method The ARP method is similar to the ping method, but an ARP packet is used instead.

11 SNIFFING DETECTION DNS method
The simplest ARP method transmits an ARP to a non-broadcast address. If a machine responds to such an ARP of its IP address, then it must be in promiscuous mode. DNS method Many sniffing programs do automatic reverse-DNS lookups on the IP addresses they see. Therefore, a promiscuous mode can be detected by watching for the DNS traffic that it generates. This method can detect dual-homed machines and can work remotely.

12 SNIFFING DETECTION “source-route” method “latency” method
Another technique involves configuring the source-route information inside the IP header. This can be used to detect sniffers on other, nearby segments. “latency” method This is a more evil method. On one hand, it can significantly degrade network performance. On the other hand, it can 'blind' sniffers by sending too much traffic. This method functions by sending huge quantities of network traffic on the wire.

13 SNIFFER DETECTORS AntiSniff CPM (Check Promiscuous Mode) neped
The most comprehensive sniffer-detection tool. CPM (Check Promiscuous Mode) A tool from Carnegie-Mellon that checks to see if promiscuous mode is enabled on a UNIX machine. neped A tool from The Apostols that detects sniffers running on the local segment.

Download ppt "CHAPTER 9 Sniffing."

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Network Security.

Network Security.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
SYSTEM ADMINISTRATION Chapter 19

SYSTEM ADMINISTRATION Chapter 19
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.

1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

Similar presentations

Ads by Google