Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE."— Presentation transcript:

1 Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE

2 What is Passive Protocol Analysis? Also known as sniffing Assumed TCP/IP V4 broadcast networks Easy connection into network –MAC card into promiscuous mode –Monitor traffic for certain ports ie 21 (ftp) –Look for certain packets ie with SYN bit set

3 Why is so difficult to detect sniffers? The attack is essentially passive –They don’t generate unusual traffic –They are normally linked to active intrusion attacks Only requires a standard machine Threat is always seen as external –Though it rarely is – 80% are internal!

4 Janet network security compromises Period Root Compromise s Password sniffer Found 1995 Q131 1995 Q220 1995 Q3114 1995 Q4102 1996 Q153 1996 Q2104 1996 Q362 1996 Q4115 1997 Q152 Total6323

5 Some tests for sniffers IMCP echo response DNS Lookup ICMP echo response latency Fake user and & password Unrecognised MAC address

6 ICMP Echo response test

7 ICMP Echo latency test

8 The ARP check test results

9 The check ping test results

10 The latency test results

11 Future developments We are creating –Test to profile machines on a network using sampling –Use of control machine –Expert systems to filter data

12 What is to be done? #1 Fixes at topology and switching level –Change from broadcast to switched networks –Use of ‘intelligent’ hubs Fix ports to MAC addresses –Implement reflexive filtering

13 What is to be done? #2 Fixes at protocol level –Encrypt everything! –Use SSH –One time passwords –VPNS –IPng/IPV6

Download ppt "Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Tactics to Discover “Passive” Monitoring Devices

Tactics to Discover “Passive” Monitoring Devices
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
WARNING ! The system is either busy or has been unstable. You can wait and See if it becomes available again, or you can restart your computer. *

WARNING ! The system is either busy or has been unstable. You can wait and See if it becomes available again, or you can restart your computer. *
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
COEN 252 Computer Forensics Remote Sniffer Detection.

COEN 252 Computer Forensics Remote Sniffer Detection.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
ARP cache Poisoning For the Detection of Sniffers in an Ethernet Network Raoudha KHCHERIF Assistant Professor National School of Computer Science University.

ARP cache Poisoning For the Detection of Sniffers in an Ethernet Network Raoudha KHCHERIF Assistant Professor National School of Computer Science University.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.

1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.
Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.

Network-Based Denial of Service Attacks Trends, Descriptions, and How to Protect Your Network Craig A. Huegen Cisco Systems, Inc. NANOG 12 Interprovider.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
An introduction to Network Analyzers Dr. Farid Farahmand 3/23/2009.

An introduction to Network Analyzers Dr. Farid Farahmand 3/23/2009.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.

Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.

Similar presentations

Ads by Google