Then switch to the last manuscript sniffing techniques in switching environments, an introduction to some of the attacks and as I go.
1) Switch Jamming
As mentioned earlier, the actual switch receives the original destination only sends packets to the bridge equipment. However, with the wrong MAC address by sending a packet to continue to act as a hub, switch, can be made. Many types of switches when the address table is full, the packets are broadcast to all ports will be using the properties.
2) ARP Redirect
Dsniff leading tool in this manner, such as sniffing tool provides. When a packet is sent over the network have an IP address of the destination MAC address of its destination using some to ask whether it is called ARP request. Put another way, the teacher entered the classroom 'This is a student who is a half coconut please raise your hands' is like.
ARP request is broadcast to all hosts on the network receives the packet and its host with its IP to use such IP ARP reply Think I will give. Coconut students 'Me!' Is the same as the sondeuneun. Orange was a student, but instead of coconut students 'Me!' Sondeunda and even ... yes. Teachers will be naive to believe the same.
However, an attacker using a tool such as the arpspoof continue with a false ARP reply can be sent.
Reply to the above case, the two will be. In this case, the packet has been reached according to the order and the response of 10.1.1.1 or 10.1.1.3, depending on the implementation of the response will believe. If you believe the response from 10.1.1.3 to 10.1.1.1, if the packet is sent, but will be sent to 10.1.1.3.
But the problem right before the ARP Request ARP reply sent out the same way as above that when the target system's ARP cache is stored in the ARP cache that the contents in the 10.1.1.1 If there is information about the ARP request does not bother is that. Above this point the attacker false answers will be sent periodically to continue. Of course, since before the ARP request.
10.1.1.3 to 10.1.1.1 in the packet will go will go. 10.1.1.1 as well as communicate properly because they are in position to try this soon will be able to notice, but the contents of the packet is 10.1.1.3 immediately after being saved forwarded to 10.1.1.1, as it did not happen, so communication is not a problem .
If it was an attack target computers, the router can be fatal. Systems on the LAN to the Internet to steal all the packets sent and received can be viewed this way, the attacker on the 10.1.1.1 sokyeotgi an ARP Reply, because it is sometimes referred to as ARP Spoofing.
3) ICMP Redirect
Ping ICMP Echo message, and when you use a program that they use ICMP Echo Reply message will be aware that many minutes. Thus the ICMP protocol error messages on the network, transmission, troubleshooting, etc. are used to sniff their way of using ICMP Redirect messages is basically an ARP Redirect as in the case of an attack packet to the target system is to come.
When there are multiple routers on the network inefficient routing paths if they exist (ie, I can send only 1 hop is set to spend time with 3 hop) to recommend to modify it for your router ICMP Redirect messages are sent. An attacker who successfully exploited this by sending ICMP Redirect messages must be sent with the packet itself.
4) ICMP Router Advertisement
ICMP Redirect and ICMP Router Advertisement message similar to the way a particular host that the router itself is a message informing about the other hosts. An attacker can exploit it as a router, another host their own thinking to myself that the packet should be sent.
5) MAC spoofing
Before the switch MAC address by default be sent to any destination through a packet determines that this was the way to learn the MAC address is as follows. Packets with specific destination MAC address, when you want to send,
① the MAC address to its MAC address table, verify that there is
② If there are registered on the table port sends a packet to
③ If it does not exist, all VLAN packets flowing in the same VLAN and the sending a packet
And how to update the MAC address table when a packet flow, the source MAC address of the packet, the packet with reference to let the port and MAC address information in a manner that is listed in the table.
Thus, in response to such cases, when it comes to the packet to the MAC address table, enter the appropriate information has been brought in the future, the response is sent to the port. However, the attacker attacks the target system with the MAC address of the packet, the packet source MAC address of the switch MAC address table to continue to send such content are registered at. Thus, the switch will send the packet to the attacker.
6) Switch on the SPAN / Monitor port settings
Most switches have a port monitoring feature, which a particular port (s) to accept and which takes care of sending the packet to another monitor port is optional. The attacker gained access to the switch out by applying the same settings as above, an attacker may be sent to the port connected to the system.
It would be very difficult, but if the switch is set to default is very easy. Because the switch's user ID, password easily able to obtain Internet search sites because.
No comments:
Post a Comment