CHAPTER 9 Sniffing.

Slides:

Advertisements

Similar presentations

Ethical Hacking Module VII Sniffers.

Advertisements

Network Security.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

SYSTEM ADMINISTRATION Chapter 19

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Web server security Dr Jim Briggs WEBP security1.

Computer Security and Penetration Testing

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

SSH Secure Login Connections over the Internet

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

OSI Model Routing Connection-oriented/Connectionless Network Services.

Forensic and Investigative Accounting

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

COEN 252 Computer Forensics

Web Server Administration Chapter 10 Securing the Web Environment.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Linux Networking and Security Chapter 11 Network Security Fundamentals.

Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e

The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.

Chapter 13 – Network Security

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

COEN 252 Computer Forensics Collecting Network-based Evidence.

Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

Linux+ Guide to Linux Certification Chapter Fifteen Linux Networking.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

CHAPTER 10 Session Hijacking. INTRODUCTION The act of taking over a connection of some sort, for examples, network connection, a modem connection or other.

Hands-On Microsoft Windows Server Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Linux Networking and Security

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.

Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.

Chapter 8 Phase3: Gaining Access Using Network Attacks

Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.

TCP/IP (Transmission Control Protocol / Internet Protocol)

LAN Switching and Wireless Basic Switch Concepts and Configuration.

Protocols COM211 Communications and Networks CDA College Olga Pelekanou

Lesson 7: Network Security and Attacks. Computer Security Operational Model Protection = Prevention+ (Detection + Response) Access Controls Encryption.

Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.

Networks Part 2: Infrastructure + Protocols NYU-Poly: HSWP Instructor: Mandy Galante.

17 Establishing Dial-up Connection to the Internet Using Windows 9x 1.Install and configure the modem 2.Configure Dial-Up Adapter 3.Configure Dial-Up Networking.

Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.

Introduction to Secure Shell Greg Porter Data Processing Manager USPFO For California.

SECURE SHELL MONIKA GUPTA COT OUTLINE What is SSH ? What is SSH ? History History Functions of Secure Shell ? Functions of Secure Shell ? Elements.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Comparison of Network Attacks COSC 356 Kyler Rhoades.

SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.

Fall  Computer Crimes  Operating System Identification  Firewalking 2.

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

Networks Fall 2009.

Application layer tcp/ip

LAN Vulnerabilities.

Packet Sniffers Lecture 10 - NETW4006 NETW4006-Lecture09.

Chapter 2: Basic Switching Concepts and Configuration

Switch Concepts and Configuration Part II

Topic 5: Communication and the Internet

Protocols 2 Key Revision Points.

Chapter 7 Network Applications

Presentation transcript:

CHAPTER 9 Sniffing

DEFINITION A method by which an attacker can compromise the security of a network in a passive fashion using sniffer. A sniffer is a a tool (a program or wire-tap devices) that plugs into computer networks and eavesdrops on the network traffic. Sniffers have been around for a long time in two forms. Commercial sniffers are used to help maintain networks. Underground sniffers are used to break into computers

THINGS TO SNIFF The most important thing typically to sniff is Authentication Information The example of authentication information are usernames and passwords. Following is a sampling of typical protocols on network traffic that are sniffed, especially for passwords. 1. Telnet (Port 23) 2. FTP (Port 21) 3. POP (Port 110) 4. IMAP (Port 143) 5. MNTP (Port 119)

THINGS TO SNIFF 6. rlogin (Port 513) 7. X11 (Port 6000+) 8. NFS File Handles 9. SMTP (Port 25) 10. HTTP (Port 80) Windows NT Authentication 1. Plaintext 2. LanManager (LM) 3. NT LanManager

SNIFFING TECHNIQUES Switch Tricks ARP Spoofing There are some advanced sniffing techniques can be used: Switch Tricks Hackers use tricks to find short cuts for gaining unauthorized access to systems. They may use their access for illegal or destructive purposes, or they may simply be testing their own skills to see if they can perform a task. ARP Spoofing ARP Spoofing is a technique used by crackers in order to sniff frames on a switched LAN or stop the traffic on the LAN.

SNIFFING TECHNIQUES ARP Flooding Routing Games The intruder is trying to see what hosts you have active on your network. They are nottrying to deny service to you, just trying to find out what potential targets are available on your network. This is often a precursor to an attack. Be sure you have your network secured properly. Routing Games The routing algorithm that act as an adversary that attempts to intercept data in the network.

SNIFFING PROTECTION Password Protection Data Protection The data-encryption solutions also provide for secure authentication. Examples are SMB/CIFS (Windows) and Kerberos v5 (UNIX). Data Protection SSL SSL (Secure Socket Layers) is built into all popular web browsers and web servers. It allows encrypted web surfing, and is almost always used in e-commerce when users enter their credit card information.

SNIFFING PROTECTION Secure Shell (Ssh) Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. Switching Switching refers to protocols in which messages are divided into packets before they are sent.

SNIFFING PROTECTION Configure Local Network VPNs (Virtual Private Networks) VPNs provide encrypted traffic across the Internet. Configure Local Network Replacing your hub with a switch will provide a simple, yet effective defense against casual sniffing.

SNIFFING DETECTION “ping” method ARP method Most "sniffers" run on normal machines with a normal TCP/IP stack. This means that if you send a request to these machines, they will respond. The trick is to send a request to IP address of the machine, but not to its Ethernet adapter. ARP method The ARP method is similar to the ping method, but an ARP packet is used instead.

SNIFFING DETECTION DNS method The simplest ARP method transmits an ARP to a non-broadcast address. If a machine responds to such an ARP of its IP address, then it must be in promiscuous mode. DNS method Many sniffing programs do automatic reverse-DNS lookups on the IP addresses they see. Therefore, a promiscuous mode can be detected by watching for the DNS traffic that it generates. This method can detect dual-homed machines and can work remotely.

SNIFFING DETECTION “source-route” method “latency” method Another technique involves configuring the source-route information inside the IP header. This can be used to detect sniffers on other, nearby segments. “latency” method This is a more evil method. On one hand, it can significantly degrade network performance. On the other hand, it can 'blind' sniffers by sending too much traffic. This method functions by sending huge quantities of network traffic on the wire.

SNIFFER DETECTORS AntiSniff CPM (Check Promiscuous Mode) neped The most comprehensive sniffer-detection tool. CPM (Check Promiscuous Mode) A tool from Carnegie-Mellon that checks to see if promiscuous mode is enabled on a UNIX machine. neped A tool from The Apostols that detects sniffers running on the local segment.