Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.


What is Passive Protocol Analysis?
Also known as sniffing
Assumes a TCP/IPv4 broadcast (shared-medium) network
Easy connection into the network
–Put the network card (NIC) into promiscuous mode, so it accepts every frame on the segment rather than only those addressed to it
–Monitor traffic to certain ports, e.g. 21 (FTP)
–Look for certain packets, e.g. those with the SYN bit set (the start of a connection, where logins and passwords travel)

Why is it so difficult to detect sniffers?
The attack is essentially passive
–Sniffers don’t generate unusual traffic of their own
–They are normally installed after an active intrusion (e.g. a root compromise) rather than being the intrusion itself
Only requires a standard machine on the segment
The threat is always seen as external
–Though it rarely is: 80% of incidents are internal!

Janet network security compromises
Period | Root compromises | Password sniffer found
1995 Q1 onwards, by quarter (per-quarter figures did not survive the transcript; last quarter shown: 5 root compromises, 2 sniffers found)
Total | 63 | 23

Some tests for sniffers
ICMP echo response (ping the suspect’s IP inside a frame addressed to a bogus MAC)
DNS lookup (send traffic from fake IPs and watch for reverse lookups)
ICMP echo response latency (load the segment and see whose ping time suffers)
Fake user and password (a bait login that is only ever sent on the wire)
Unrecognised MAC address (a frame to a MAC nobody owns should get no reply)

ICMP Echo response test

ICMP Echo latency test

The ARP check test results

The check ping test results
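The ARP check and check-ping tests above rest on the same idea: a NIC in normal mode drops frames whose destination MAC is neither its own nor broadcast, but a NIC in promiscuous mode hands every frame to the stack, and ARP/IP then answer on the IP address alone. The following is an added example (not code from the talk) that builds the probe frame with a bogus destination MAC, parses the replies and gives a verdict. Sending raw frames needs root and a raw socket, so that step is abstracted behind a `send_and_collect` callback; the simulated host, the MACs, IPs and the bogus MAC `ff:ff:ff:ff:ff:fe` are all constructed assumptions for the example.

```python
"""Bogus-destination-MAC probe for promiscuous hosts (added example)."""
import struct

ETH_P_ARP = 0x0806
BOGUS_DST_MAC = "ff:ff:ff:ff:ff:fe"   # assumption: not broadcast, owned by no host on the LAN
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(opcode, dst_mac, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame (14 bytes) + ARP for IPv4 over Ethernet (28 bytes)."""
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # htype, ptype, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def build_arp_probe(src_mac, src_ip, target_ip, dst_mac=BOGUS_DST_MAC) -> bytes:
    """ARP who-has for target_ip, but addressed at layer 2 to a MAC nobody owns."""
    return build_arp(1, dst_mac, src_mac, src_ip, "00:00:00:00:00:00", target_ip)


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_ip) for an ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    return opcode, mac_str(frame[22:28]), ip_str(frame[28:32]), ip_str(frame[38:42])


def verdict(target_ip, replies) -> str:
    """A host that answers a request its NIC should never have accepted is sniffing."""
    for f in replies:
        p = parse_arp(f)
        if p and p[0] == 2 and p[2] == target_ip:
            return "promiscuous"
    return "not promiscuous"


def check_host(target_ip, send_and_collect, src_mac="02:00:00:00:00:01", src_ip="192.0.2.1"):
    """send_and_collect(frame) -> list of reply frames; wired to a raw socket in real use."""
    return verdict(target_ip, send_and_collect(build_arp_probe(src_mac, src_ip, target_ip)))


def simulated_host(host_mac, host_ip, promiscuous):
    """Constructed model of one LAN host's NIC filter plus ARP responder."""
    def send_and_collect(frame):
        dst = mac_str(frame[0:6])
        if not (promiscuous or dst in (host_mac, BROADCAST_MAC)):
            return []                      # NIC hardware filter drops the frame
        p = parse_arp(frame)
        if p is None or p[0] != 1 or p[3] != host_ip:
            return []
        # ARP layer answers on IP alone; it never looks at the Ethernet destination
        return [build_arp(2, p[1], host_mac, host_ip, p[1], p[2])]
    return send_and_collect


if __name__ == "__main__":
    for promisc in (True, False):
        lan = simulated_host("00:11:22:33:44:55", "10.0.0.7", promisc)
        print(f"promiscuous={promisc}: {check_host('10.0.0.7', lan)}")
```

The same probe works for the check-ping test by wrapping an ICMP echo request instead of an ARP request in the bogus-MAC frame and looking for an echo reply from the target. One caveat a practitioner should keep in mind: a modern Linux stack marks frames not addressed to the interface as `PACKET_OTHERHOST` and discards them in `arp_rcv`/`ip_rcv` before any reply is generated even when the NIC is promiscuous, so a "not promiscuous" verdict is evidence, not proof; a "promiscuous" verdict remains reliable.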

The latency test results
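The latency test compares each host's ping round-trip time before and while the segment is flooded with traffic: a sniffing host has to process every flooded frame in software and its echo replies slow down far more than those of its neighbours. The following is an added example (not the authors' tool) of the evaluation step only, with a relative criterion so that a generally congested segment does not flag every host; the hosts, RTT samples and the threshold of 3 times the segment median are constructed assumptions.

```python
"""Evaluation step of the ICMP echo latency test (added example)."""
import statistics

# Constructed sample: {host: (baseline RTTs in ms, RTTs measured while the segment was flooded)}
SAMPLE = {
    "10.0.0.5": ([0.9, 1.1, 1.0, 1.2, 1.0], [1.2, 1.3, 1.1, 1.4, 1.2]),
    "10.0.0.7": ([1.0, 1.0, 1.1, 0.9, 1.0], [8.5, 9.1, 7.9, 10.2, 9.4]),
    "10.0.0.9": ([1.3, 1.2, 1.4, 1.2, 1.3], [1.5, 1.6, 1.4, 1.7, 1.5]),
}


def latency_ratio(baseline, loaded) -> float:
    """Median RTT under load divided by median RTT at rest; medians resist the odd lost ping."""
    return statistics.median(loaded) / statistics.median(baseline)


def flag_suspects(samples, threshold=3.0):
    """Return hosts whose slowdown is at least `threshold` times the segment's typical slowdown.

    Comparing against the median ratio of all hosts (rather than a fixed number) separates a
    host that is doing extra per-frame work from a segment that is simply congested.
    """
    ratios = {host: latency_ratio(*rtts) for host, rtts in samples.items()}
    typical = statistics.median(ratios.values())
    return sorted(h for h, r in ratios.items() if r >= threshold * typical)


if __name__ == "__main__":
    for host, rtts in SAMPLE.items():
        print(f"{host}: slowdown x{latency_ratio(*rtts):.1f}")
    print("suspects:", flag_suspects(SAMPLE))
```

Collecting the samples is the easy part (any ping implementation will do); the design points are to measure every host in the same time window, to use medians, and to judge each host against its peers rather than against an absolute figure.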

Future developments
We are creating
–A test to profile the machines on a network using sampling
–Use of a control machine (a known non-sniffing host to compare results against)
–Expert systems to filter the data

What is to be done? #1
Fixes at the topology and switching level
–Change from broadcast to switched networks (a switch forwards each frame only to the port that owns the destination MAC, so a promiscuous card sees far less)
–Use ‘intelligent’ hubs
–Fix ports to MAC addresses, since switching alone can be defeated by ARP spoofing or MAC-table flooding that redirects traffic to the attacker’s port
–Implement reflexive filtering

What is to be done? #2
Fixes at the protocol level
–Encrypt everything!
–Use SSH instead of telnet, rlogin and FTP
–One-time passwords, so a sniffed password is worthless
–VPNs
–IPng/IPv6 (with its IPsec support)