Friday, August 10, 2012

[Hacking techniques and response] ⑦ Sniffing (3)




In this third installment on sniffing I introduce some of the sniffing tools in use and show how to defend against sniffing.

Sniffing Tools

Windows
- Ethereal: Open-source sniffer; the UNIX Ethereal ported to Windows
- Windump: Tcpdump ported to Windows
- NAI Sniffer: Provides sniffing as well as a variety of statistical features (commercial)
- EtherPeek: Provides sniffing as well as a variety of statistical features (commercial)
- WildPackets AiroPeek: Wireless-network sniffing tool from the makers of EtherPeek (commercial)
- Cain & Abel: Integrates sniffing with password cracking and other features; supports sniffing in switched environments and decoding of various protocols (commercial)

UNIX
- Tcpdump: Command-line tool for UNIX; the most commonly used sniffer, and used more for troubleshooting than for hacking
- Ethereal: GUI-based sniffer for UNIX with a very rich feature set
- snoop: Sniffing tool built into Sun Solaris
- Sniffit: Shows session-related information and makes it easy to view session contents
- dsniff: Written by Dug Song. A hacking toolkit for switched environments; besides sniffers it includes man-in-the-middle tools for SSL and SSH. Easily collects user IDs and passwords for a variety of protocols.
- LinSniff: Easily collects user IDs and passwords for various protocols; supports fewer protocols than dsniff but is more lightweight
- esniff: Tool introduced in Phrack Magazine
- ettercap: Sniffing tool for switched environments
- snmpsniff: Sniffing tool for SNMP only

Protocols Vulnerable to Sniffing

As mentioned earlier, it is not difficult for a malicious user to intercept packets. There are known ways to detect such attempts, but it is impossible to block them completely.

Not every intercepted packet is useful to the attacker, however. If a protocol sends its data unencrypted, or encoded in so simple a way that the packets are easily decoded, an attacker can make use of it; such protocols can be regarded as vulnerable to sniffing. Some of the protocols vulnerable to sniffing are the following.

(1) Telnet, Rlogin

Telnet and Rlogin do not encrypt any of their communication, including the user ID and password, so the contents of the session can be read easily.

(2) HTTP

HTTP Basic Authentication, the method commonly used for user authentication over HTTP, encodes the credentials in a very basic way, so the user ID and password can be obtained easily.

(3) SNMP

As its name suggests, the Simple Network Management Protocol (SNMP) was designed with almost no consideration for security. SNMP is divided into SNMPv1, SNMPv2 and SNMPv3, with security strengthened in each later version, but SNMPv1 is still the most widely used. The SNMP community name, which serves as the password, and all other communication are sent unencrypted.

(4) NNTP, POP, FTP, IMAP, SMTP, etc.
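The HTTP Basic Authentication and SNMPv1 points above, as an added example that is not part of the original post: an audit over captured payloads (constructed samples, not real traffic) that reports which cleartext credentials a sniffer on the path would obtain. Basic auth only Base64-encodes "user:password", and community-based SNMP carries the community string as a plain BER OCTET STRING; the function names and sample values are my own, and the password is reported masked.

```python
import base64
import re

# Constructed sample captures (not real traffic): an HTTP request using Basic
# Authentication, and an SNMPv1 GetRequest for sysName.0 with community "public".
HTTP_CAPTURE = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
    b"\r\n"
)
SNMPV1_CAPTURE = bytes.fromhex(
    "30 26 02 01 00 04 06 70 75 62 6c 69 63"           # SEQUENCE, version 0 (v1), community "public"
    "a0 19 02 01 01 02 01 00 02 01 00"                 # GetRequest PDU: request-id, error-status, error-index
    "30 0e 30 0c 06 08 2b 06 01 02 01 01 05 00 05 00"  # varbind list: sysName.0 with NULL value
)

def find_basic_auth(payload: bytes):
    """(username, masked password) from an HTTP Basic Authorization header, else None.
    Basic auth merely Base64-encodes "user:password", so anyone holding the packet
    recovers both; the audit reports the password as asterisks instead of storing it."""
    m = re.search(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", payload, re.M | re.I)
    if not m:
        return None
    try:
        user, _, pw = base64.b64decode(m.group(1), validate=True).partition(b":")
    except ValueError:  # header present but not valid Base64
        return None
    return user.decode("latin-1"), "*" * len(pw)

def find_snmp_community(payload: bytes):
    """("SNMPv1" or "SNMPv2c", community) for a community-based SNMP message, else None.
    Minimal BER walk of SEQUENCE { INTEGER version, OCTET STRING community, PDU };
    assumes short-form BER lengths (< 128 bytes), which covers typical requests."""
    if len(payload) < 7 or payload[0] != 0x30 or payload[1] >= 0x80 or payload[2] != 0x02:
        return None
    vlen = payload[3]
    version, pos = int.from_bytes(payload[4:4 + vlen], "big"), 4 + vlen
    if version not in (0, 1) or pos + 2 > len(payload) or payload[pos] != 0x04:
        return None
    community = payload[pos + 2:pos + 2 + payload[pos + 1]]
    if len(community) != payload[pos + 1]:
        return None
    return ("SNMPv1", "SNMPv2c")[version], community.decode("latin-1")
```

Running both functions over every captured payload produces the list of hosts and services still exposing credentials in the clear, which is the migration list for HTTPS, SNMPv3 and SSH discussed in the defense section.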


Defending Against Sniffing

Splitting the broadcast domain with switches and assigning MAC addresses manually reduces the opportunities to intercept packets, but as stated earlier it is impossible to stop other users from attempting to intercept packets altogether. Encryption, which leaves the attacker unable to do anything with the contents even when the packets are intercepted, is therefore the most common and most important defense against sniffing.

(1) Applying SSL

Applying SSL to HTTP, IMAP, POP, SMTP, Telnet and so on yields HTTPS, IMAPS, POPS, SMTPS and Telnets. The most common use is of course SSL over HTTP, which encrypts user names, passwords, e-commerce payment information and the other contents of web browsing.

(2) PGP, S/MIME

Mail sent over SMTP is unencrypted by default, so its contents can easily be obtained by sniffing. PGP or S/MIME can be used to provide encryption for e-mail.

(3) SSH

SSH provides encrypted communication and can replace Telnet, FTP, RCP and Rlogin.

(4) Private Network or Virtual Private Network (VPN)

Where sniffing is a concern, a dedicated line (leased line) connecting the sites directly prevents taps in the middle; that is what makes the network private. However, as the distance grows, the cost becomes far higher than using the Internet, and this cannot be avoided. A VPN gives the effect of a private network over Internet connections: encryption between the VPN devices can be used to prevent eavesdropping.


Conclusion

Sniffing on a network can take various forms, but it can be seen as the following two steps.

- Intercepting packets
- Obtaining key information by decoding the intercepted packets

Attempts to intercept packets are very difficult to block, but to prevent key information from being obtained by decoding them, techniques such as SSL, SSH, VPN and PGP can be used.
