Presentation transcript: Adrian Crenshaw (Irongeek.com) on sniffers, ARP poisoning and passive fingerprinting

Slide 1 - Adrian Crenshaw (http://Irongeek.com)

Slide 2
- I run Irongeek.com
- I have an interest in InfoSec education
- I don't know everything - I'm just a geek with time on my hands
- (ir)Regular on the ISDPodcast http://www.isd-podcast.com/

Slide 3
- Federal Wiretap Act
- Wiretapping Law
  http://en.wikipedia.org/wiki/Telephone_tapping
  http://www.cathygellis.com/writing/CopySense_and_Sensibility_CGellis.pdf
- Botnet Research, Mitigation and the Law http://hopetracker.donthax.me/

Slide 4
- A networking tool that lets you see what is on the wire or other networking medium
- Lets you find network problems by looking at the raw packets/frames
- AKA: packet analyzers
- "Sniffer" is a trademark of Network Associates (Sniffer Network Analyzer)

Slide 5
- General network diagnostics
  - Wireshark
  - Microsoft Network Monitor 3.4
  - TCPDump
  - Commview
- Special purpose
  - Sniff passwords: Cain, Ettercap, Dsniff
  - IDS: Snort
  - Network forensics: NetworkMiner, Ettercap, P0f, Satori
Many use the libpcap/WinPcap libraries.

Slide 6
- Find out where problems lie
- Analyze protocols
- Find plaintext protocols in use at your organization so you can discontinue their use
  - Telnet, HTTP, SMTP, SNMP, POP3, FTP, etc.
- Find rogue devices
- Find traffic that should not exist (why is there leet speak leaving my box?)

Slide 7 (no transcript text)

Slide 8 (no transcript text)

Slide 9
- Normal
  - Only frames destined for the NIC's MAC address, and broadcasts, are passed up the network stack
- Promiscuous mode
  - Lets you see traffic in your collision domain, even if it's not destined for your MAC address
  - Some wireless cards don't support it
- Monitor mode (RFMON)
  - Allows raw viewing of 802.11 frames
  - Generally you have to use *nix (some exceptions)
    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up
  - Kismet!!!

Slide 10
- Plaintext protocols? At a hacker con? http://www.wallofsheep.com/

Slide 11 (diagram labels, from the smallest view of the traffic to the largest): Broadcast/Self, Routed through me, ARP poisoned, Promiscuous, Monitor mode

Slide 12
- Mirror port
- TAP (pics from Tony)
- Own a box (Metasploit and others)
  - Pivotbox/Blackthrow/Dropbox/Kamikaze box/Svartkast
- ARP poison
- Get in the route

Slide 13
- We're going to need a bigger packet...

Slide 14
- tcpdump/dumpcap
- tcpreplay
- packeth
- wlan2eth http://www.willhackforsushi.com/?page_id=79
- nm2lp (NetMon to LibPcap) http://www.inguardians.com/tools/
- Metasploit? http://www.offensive-security.com/metasploit-unleashed/Packet_Sniffing_With_Meterpreter

Slide 15
- On the local subnet, IPs are translated to MAC addresses using ARP (Address Resolution Protocol)
- ARP queries are sent and listened for, and a table of IPs to MACs is built (arp -a)
- Pulling off a MITM (Man In The Middle) attack
- If you MITM a connection, you can proxy it and sometimes get around encryption
  - SSL
  - RDP
  - WPA

Slide 16 (diagram: Fritz, Cindy, Cracker and a Switch; speech bubbles "Hey Cindy, I'm Fritz." and "Hey Fritz, I'm Cindy.")

Slide 17
- Insert obscure D&D reference here
  ettercap -T -q -i eth0 -M ARP // //
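The IP-to-MAC table that ARP replies build is exactly what gets rewritten in the Fritz/Cindy scenario, so it is also the place to watch. The following is an added example, not code from the talk or from any tool it lists: a small Python ARP-watch in the spirit of arpwatch/DecaffeinatID that parses raw Ethernet/ARP frames and alerts when an IP's MAC changes or when one MAC answers for several IPs; the frames, MACs and IPs are constructed for the demo.

```python
import struct
ETHERTYPE_ARP = 0x0806

def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender MAC, sender IP, target IP) for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(frame[22:28]), ip_str(frame[28:32]), ip_str(frame[38:42])

class ArpWatch:
    def __init__(self):
        self.ip_to_mac = {}     # what the host's own cache (arp -a) would hold
        self.mac_to_ips = {}    # reverse index: one MAC answering for many IPs
        self.alerts = []
    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:    # opcode 2 = reply; requests don't fill the cache
            return
        _, mac, ip, _ = parsed
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} moved from {old} to {mac}")
        self.ip_to_mac[ip] = mac
        self.mac_to_ips.setdefault(mac, set()).add(ip)
        if len(self.mac_to_ips[mac]) > 1:
            self.alerts.append(f"{mac} answers for {sorted(self.mac_to_ips[mac])}")

def build_arp(oper, sha, spa, tha, tpa):
    """Constructed Ethernet+ARP frame for the demo (not captured traffic)."""
    eth = mac_bytes(tha) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def run_demo():
    """Gateway and host (think Fritz and Cindy) answer honestly, then a third MAC claims both IPs."""
    gw, host, bad = "00:11:22:33:44:01", "00:11:22:33:44:0a", "00:11:22:33:44:ff"
    w = ArpWatch()
    for f in (build_arp(2, gw, "192.168.1.1", host, "192.168.1.10"),
              build_arp(2, host, "192.168.1.10", gw, "192.168.1.1"),
              build_arp(2, bad, "192.168.1.1", host, "192.168.1.10"),
              build_arp(2, bad, "192.168.1.10", gw, "192.168.1.1")):
        w.observe(f)
    return w.alerts
```

Feeding real frames (for example from a libpcap capture handle) into `ArpWatch.observe` turns this into the same check the Ettercap and DecaffeinatID links under "Protection" perform.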

Slide 18
- Brotherly Love?

Slide 19
- Be a router (Yersinia)
- Rogue DHCP
- Rogue access points (Karma)
- DNS poison
- WPAD?

Slide 20
- RFCs are implemented differently by different vendors
  - Different window sizes
  - Different TTL
  - Different responses to probes
  - Different DHCP requests
- Tools like P0f, Ettercap and Satori do passive OS fingerprinting
- NetworkMiner combines them all!!
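As an added example (not code from the talk or from P0f/Satori), here is a minimal passive fingerprinter in Python that applies the slide's idea to TCP SYNs: it pulls the IPv4 TTL and TCP window out of raw packets, rounds the TTL up to the nearest common default to estimate how many hops away the sender is, and looks the pair up in a signature table. The signature table and the packets are constructed for the demo and are not taken from any real tool's database.

```python
import struct

# Constructed, illustrative signature table: (initial TTL, SYN window) -> guess.
# Real tools (p0f, Satori, Ettercap) key on far more: TCP options, MSS, DF bit.
SIGNATURES = {
    (64, 5840): "Linux 2.6-era (sample signature)",
    (128, 8192): "Windows (sample signature)",
    (64, 65535): "BSD/Mac OS X (sample signature)",
}

def initial_ttl(observed):
    """Guess the sender's starting TTL: the next common default at or above what arrived."""
    return next(t for t in (32, 64, 128, 255) if t >= observed)

def parse_syn(packet):
    """Return (src IP, observed TTL, window) for an IPv4 TCP SYN (no ACK), else None."""
    if len(packet) < 20:
        return None
    vihl, ttl, proto = packet[0], packet[8], packet[9]
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or proto != 6 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    if tcp[13] & 0x12 != 0x02:          # SYN set, ACK clear: a connection initiator
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, ttl, struct.unpack("!H", tcp[14:16])[0]

def fingerprint(packet):
    """Passive guess for one packet: who sent it, what OS it looks like, how many hops away."""
    parsed = parse_syn(packet)
    if parsed is None:
        return None
    src, ttl, window = parsed
    start = initial_ttl(ttl)
    return {"src": src, "os": SIGNATURES.get((start, window), "unknown"), "hops": start - ttl}

def build_syn(src, ttl, window, flags=0x02):
    """Constructed IPv4+TCP packet (20-byte headers, no options) for the demo only."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, ttl, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp

def run_demo():
    """Three constructed SYNs (2, 1 and 8 hops out) plus a SYN/ACK that must be ignored."""
    packets = [build_syn("192.168.1.10", 62, 5840),
               build_syn("192.168.1.20", 127, 8192),
               build_syn("172.16.0.9", 56, 64240),
               build_syn("10.0.0.1", 64, 65535, flags=0x12)]
    return [r for r in map(fingerprint, packets) if r is not None]
```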

Slide 21
- No, not an underage Internet user.

Slide 22
- Baaaahh!!! http://codebutler.github.com/firesheep/

Slide 23 - Articles:
- Intro to Sniffers http://www.irongeek.com/i.php?page=security/AQuickIntrotoSniffers
- Cain RDP (Remote Desktop Protocol) Sniffer Parser http://www.irongeek.com/i.php?page=security/cain-rdp-mitm-parser
- Caffeinated Computer Crackers: Coffee and Confidential Computer Communications http://www.irongeek.com/i.php?page=security/coffeecrack
- The Basics of Arpspoofing/Arppoisoning http://www.irongeek.com/i.php?page=security/arpspoof
- Fun with Ettercap filters http://www.irongeek.com/i.php?page=security/ettercapfilter

Slide 24 - Videos:
- Hacker Con WiFi Hijinx Video: Protecting Yourself On Potentially Hostile Networks, presentation for the ISSA in Louisville, Kentucky http://www.irongeek.com/i.php?page=videos/hacker-con-hostile-networks-louisville-issa
- DNS Spoofing with Ettercap http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
- More Useful Ettercap Plugins For Pen-testing http://irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
- Intro to the AirPcap USB adapter, Wireshark, and using Cain to crack WEP http://www.irongeek.com/i.php?page=videos/airpcap-wireshark-cain-wep-cracking
- Using Cain and the AirPcap USB adapter to crack WPA/WPA2 http://www.irongeek.com/i.php?page=videos/airpcap-cain-wpa-cracking
- Passive OS Fingerprinting With P0f And Ettercap http://www.irongeek.com/i.php?page=videos/passive-os-fingerprinting
- Network Printer Hacking: Irongeek's Presentation at Notacon 2006 http://www.irongeek.com/i.php?page=videos/notacon2006printerhacking
- Sniffing VoIP Using Cain http://www.irongeek.com/i.php?page=videos/cainvoip1
- Cain to ARP poison and sniff passwords http://www.irongeek.com/i.php?page=videos/cain1

Slide 25 - Protection:
- SSH Dynamic Port Forwarding http://www.irongeek.com/i.php?page=videos/sshdynamicportforwarding
- An Introduction to Tor http://www.irongeek.com/i.php?page=videos/tor-1
- Encrypting VoIP Traffic With Zfone To Protect Against Wiretapping http://irongeek.com/i.php?page=videos/encrypting-voip-traffic-with-zfone-to-protect-against-wiretapping
- Finding Promiscuous Sniffers and ARP Poisoners on your Network with Ettercap http://irongeek.com/i.php?page=videos/finding-promiscuous-and-arp-poisoning-sniffers-on-your-network-with-ettercap
- DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows http://www.irongeek.com/i.php?page=security/decaffeinatid-simple-ids-arpwatch-for-windows

Slide 26 - Tools:
- Wireshark http://www.wireshark.org/
- Ettercap http://ettercap.sourceforge.net/
- Cain http://www.oxid.it/cain.html
- NetworkMiner http://networkminer.wiki.sourceforge.net/NetworkMiner
- Firesheep http://codebutler.github.com/firesheep/
- Backtrack Linux http://www.backtrack-linux.org/downloads/

Slide 27
- Louisville Infosec http://www.louisvilleinfosec.com/
- DerbyCon 2011, Louisville, KY http://derbycon.com/
- Skydogcon/Hack3rcon/Phreaknic/Notacon/Outerz0ne
  http://www.skydogcon.com/
  http://www.hack3rcon.org/
  http://phreaknic.info
  http://notacon.org/
  http://www.outerz0ne.org/

Slide 28
- 42
