Transcript Packet Sniffers

Packet Sniffers
Prepared By:
Amer Alhorini
Supervised By:
Dr. Lo'ai Tawalbeh
NYIT
New York Institute of Technology
1
The Network Today
2
Packet Sniffers
Host A
Router A
Router B
Host B
• A packet sniffer is a software application that uses a network adapter card
in promiscuous mode to capture all network packets. The following are the
packet sniffer features:
Packet sniffers exploit information passed in clear text. Protocols that pass
information in the clear include the following:
•Telnet
•FTP
•SNMP
•POP
Packet sniffers must be on the same collision domain.
3
Packet Sniffer Mitigation
Host A
Router A
Router B
Host B
• The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first
option for defense against packet sniffers.
Switched infrastructure—Deploy a switched infrastructure to counter the use of
packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to
detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not
prevent or detect packet sniffers, but rather renders them irrelevant.
4
Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
5
Network Threats Attack Examples
• There are four general categories of security threats to the
network:
Unstructured threats
Structured threats
External threats
Internal threats
Internet
Dial-in
exploitation
Internal
exploitation
Compromised
host
6
Four Classes of Network Attacks
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
7
Specific Attack Types
• All of the following can be used to compromise your system:
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms
8
Reconnaissance Attack Example
• Sample IP
address
query
Sample
domain
name
query
9