Sniffing & Keylogger
Deff Arnaldy, M.Si, 0818 0296 4763, deff_arnaldy@yahoo.com


1 Sniffing & Keylogger
Deff Arnaldy, M.Si

2 Overview
- Sniffing concepts
- Capturing live network data
- Exploring capture results
- Sniffing countermeasures
- Keyloggers

3 Sniffing Concepts
A sniffer is a program that reads and analyzes every protocol passing through the machine on which it is installed. By default, a computer on a network (a workstation) only listens and responds to packets addressed to it. However, a network card can be set by certain programs so that it monitors and captures all passing network traffic, regardless of whom each packet is addressed to. This activity is commonly called sniffing.

4 Sniffing
- Targets the data link layer of the protocol stack
- Sniffer: gathers traffic off the network
- This data can include user IDs and passwords transmitted by telnet, DNS queries and responses, sensitive e-mails, FTP passwords, etc.
- Allows an attacker to read data passing a given machine in real time
- Two types of sniffing: active and passive

5 Sniffing
Active
- Attacker still needs an account
- Several different attacks:
  - Parsing packets
  - Flooding
  - Spoofed ARP messages
  - DNS spoofing
  - HTTPS and SSH spoofing
Passive
- Attacker must have an account on the LAN
- Done over a hub
- Usually, once access is gained on one computer, the attacker uses passwords to get into other computers

6 Passive Sniffing
[Diagram: user1, user2, Server and Bad guy connected to a hub]
- Message gets sent to all computers on the hub

7 Active Sniffing
[Diagram: user1, user2, Server and Bad guy connected to a switch]
- Message gets sent only to the requesting computer, by looking at the MAC address
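The hub and switch behaviour on slides 6 and 7, combined with the default NIC filtering described on slide 3, as a small simulation. This is an added example, not part of the original presentation; the `Nic`, `Hub` and `Switch` classes, the MAC addresses and the traffic are constructed for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Nic:
    mac: str
    promiscuous: bool = False
    seen: list = field(default_factory=list)

    def receive(self, frame):
        dst = frame[1]
        # Default NIC behaviour: keep only frames addressed to us or to broadcast.
        if self.promiscuous or dst in (self.mac, BROADCAST):
            self.seen.append(frame)

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, nics):
        self.ports = dict(enumerate(nics))

    def send(self, in_port, frame):
        for port, nic in self.ports.items():
            if port != in_port:
                nic.receive(frame)

class Switch(Hub):
    """Learns source MAC -> port and forwards known unicast to one port only."""
    def __init__(self, nics):
        super().__init__(nics)
        self.mac_table = {}

    def send(self, in_port, frame):
        src, dst, _ = frame
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            super().send(in_port, frame)      # broadcast or unknown destination
        elif out != in_port:
            self.ports[out].receive(frame)

def observed_by_monitor(device_cls, promiscuous=True):
    """Return the payloads a monitoring NIC on port 2 ends up seeing."""
    user1, server = Nic("aa:aa:aa:aa:aa:01"), Nic("aa:aa:aa:aa:aa:02")
    monitor = Nic("aa:aa:aa:aa:aa:03", promiscuous=promiscuous)
    dev = device_cls([user1, server, monitor])
    # Constructed traffic: one broadcast, then a unicast request and reply.
    dev.send(1, (server.mac, BROADCAST, "arp-announce"))
    dev.send(0, (user1.mac, server.mac, "request"))
    dev.send(1, (server.mac, user1.mac, "reply"))
    return [payload for _, _, payload in monitor.seen]
```

On the hub the promiscuous monitor sees all three frames; on the switch, or with promiscuous mode off, it sees only the broadcast.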

8 Dsniff
- Offers several ways around a switch
- Available for OpenBSD, Linux and Solaris, and there is a version for Windows
- Very popular and versatile
- In conjunction with sshmitm and webmitm, conducts all the above attacks

9 Major Problems with Sniffing
- Any mischievous machine can examine any packet on a BROADCAST medium
- Ethernet is BROADCAST, at least on the segments over which it travels
- Getting passwords is the first step in exploiting a machine
- is plaintext and vulnerable

10 What does one sniff?
- passwords
- email
- financial account information
- confidential information
- low-level protocol info to attack: hardware addresses, IP addresses, routing, etc.

11 What are the components of a packet sniffer?
1. Hardware: standard network adapters.
2. Capture filter: this is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
3. Buffers: used to store the frames captured by the capture filter.

12 What are the components of a packet sniffer?
4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to sift the traffic for intrusion detection.
5. Decoder: "protocol analysis".
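The capture filter, buffer and decoder components from slides 11 and 12, as a minimal offline pipeline of the kind an administrator could use to find hosts still speaking cleartext telnet. This is an added example, not part of the original presentation; the frames are built in the code, and `build_frame`, `decode`, `CaptureFilter` and `run_pipeline` are illustrative names.

```python
import struct
from collections import deque

def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes.fromhex("aaaaaaaaaa02" "aaaaaaaaaa01") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes(src_ip), bytes(dst_ip))
    return eth + ip + tcp + payload

def decode(frame):
    """Decoder: turn raw bytes into protocol fields, or None if not IPv4/TCP."""
    if len(frame) < 14 + 20:
        return None                        # too short for Ethernet + IPv4 headers
    ethertype, = struct.unpack("!H", frame[12:14])
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    if ethertype != 0x0800 or ihl < 20 or frame[23] != 6 or len(frame) < 14 + ihl + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return {"src": ".".join(map(str, frame[26:30])),
            "dst": ".".join(map(str, frame[30:34])), "sport": sport, "dport": dport}

class CaptureFilter:
    """Capture filter + buffer: keep only matching frames, bounded in memory."""
    def __init__(self, port, size=2):
        self.port = port
        self.buffer = deque(maxlen=size)   # oldest frames are dropped when full

    def offer(self, frame):
        fields = decode(frame)
        if fields and self.port in (fields["sport"], fields["dport"]):
            self.buffer.append(frame)

def run_pipeline():
    """Feed constructed frames through the filter; return buffered source ports."""
    frames = [build_frame((10, 0, 0, 5), (10, 0, 0, 9), 40000 + i, p)
              for i, p in enumerate([23, 443, 23, 23])]
    frames.append(b"\x00" * 10)            # truncated frame must not crash the decoder
    cap = CaptureFilter(port=23)           # 23 = telnet, a cleartext protocol
    for f in frames:
        cap.offer(f)
    return [decode(f)["sport"] for f in cap.buffer]
```

Three of the constructed frames match port 23, but the two-slot buffer keeps only the newest two, which is the trade-off a fixed-size capture buffer makes under load.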

13 How does a Sniffer Work?
Sniffers also work differently depending on the type of network they are in.
- Shared Ethernet
- Switched Ethernet

14 How can I detect a packet sniffer?
- Ping method
- ARP method
- DNS method

15 Packet Sniffer Mitigation
[Diagram: Host A, Router A, Router B, Host B]
The following techniques and tools can be used to mitigate sniffers:
- Authentication: using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
- Switched infrastructure: deploy a switched infrastructure to counter the use of packet sniffers in your environment.
- Antisniffer tools: use these tools to employ software and hardware designed to detect the use of sniffers on a network.
- Cryptography: the most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
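Slide 5 lists spoofed ARP messages as a way to sniff on a switched network, so a switched infrastructure alone still needs monitoring. One host-side check, given here as an added example and not part of the original presentation, compares the ARP cache with known-good bindings. It assumes Linux `/proc/net/arp` column layout; the sample table, the baseline and the function names are constructed, and this is not the "ARP method" named on slide 14.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp layout (documentation address range).
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.10       0x1         0x2         02:00:00:00:00:10     *        eth0
192.0.2.20       0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""
BASELINE = {"192.0.2.1": "02:00:00:00:00:01"}   # constructed known-good gateway MAC

def parse_arp_table(text):
    """Parse /proc/net/arp-style text into (ip, mac, device) tuples."""
    entries = []
    for line in text.strip().splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = cols
        if int(flags, 16) & 0x2:                    # 0x2 = completed entry
            entries.append((ip, mac.lower(), dev))
    return entries

def find_arp_anomalies(entries, baseline):
    """Report IPs whose MAC differs from baseline and MACs claiming several IPs."""
    findings = []
    by_mac = defaultdict(set)
    for ip, mac, dev in entries:
        by_mac[(dev, mac)].add(ip)
        expected = baseline.get(ip)
        if expected and expected.lower() != mac:
            findings.append(("changed", ip, mac))
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared", mac, tuple(sorted(ips))))
    return findings
```

A shared MAC is not always hostile (proxy ARP and multi-address hosts produce it too), so treat "shared" as a lead to investigate and "changed" on the gateway as the higher-priority finding.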

16 Top 11 Packet Sniffers
- Wireshark
- Kismet
- Tcpdump
- Cain and Abel
- Ettercap
- Dsniff
- NetStumbler
- Ntop
- Ngrep
- EtherApe
- KisMAC

17 Working of Cain & Abel

18 What are sniffers used for?
- Detection of clear-text passwords and usernames from the network.
- Conversion of data to human-readable format so that people can read the traffic.
- Performance analysis to discover network bottlenecks.
- Network intrusion detection in order to discover hackers.

19 Prevention of Sniffing
- Segmentation into trustworthy segments
  - bridges
  - better yet .. switched hubs
- Not enough "not to allow sniffing"
  - easy to add a machine on the net
  - may try using X-terminals vs workstations

20 Prevention of Sniffing (more)
- Avoid password transmission
  - one solution is the r.. family: rlogin, rcp, rsh, etc.
  - put trusted hosts in .rhosts
  - many SAs don't want users to use them
- Using encrypted passwords
  - Kerberos
  - PGP public keys

21 Keylogger
- If all other attempts to gather passwords fail, then a keystroke logger is the tool of choice for hackers.
- Keystroke loggers (keyloggers) can be implemented either using hardware or software.

22 Hardware keyloggers are small hardware devices that connect the keyboard to the PC and save every keystroke into a file or in the memory of the hardware device. In order to install a hardware keylogger, a hacker must have physical access to the system.

23 Software keyloggers are pieces of stealth software that sit between the keyboard hardware and the operating system so that they can record every keystroke. Software keyloggers can be deployed on a system by Trojans or viruses.

24 References
http://netsecurity.about.com/cs/hackertools/a/aa121403.htm

