Network sniffers & injection tools
Network Threats Attack
Specific Attack Types
Network Sniffer
How does a Sniffer Work?
How can I detect a packet sniffer?
Packet Sniffer Mitigation
Injection Tools
Introduction
3. Network Threats Attack Examples
There are four general categories of security
threats to the network:
◦ Unstructured threats
◦ Structured threats
◦ External threats
◦ Internal threats
[Figure: network diagram labelled Internet, Internal exploitation, Dial-in exploitation, Compromised host]
4. Specific Attack Types
All of the following can be used to
compromise your system:
◦ Packet sniffers (Network sniffers)
◦ IP weaknesses
◦ Password attacks
◦ DoS or DDoS
◦ Man-in-the-middle attacks
◦ Application layer attacks
◦ Trust exploitation
◦ Port redirection
◦ Virus
◦ Trojan horse
5. • Packet sniffers (Network sniffers)
• Packet sniffing is a technique of monitoring every
packet that crosses the network.
• IP weaknesses
• Most networks and operating systems use the IP
address of a computer to identify a valid entity. In
certain cases, it is possible for an IP address to be
falsely assumed (identity spoofing).
• Password attacks
• You can use password cracking tools and techniques to
regularly audit your own organization.
• DoS and DDoS
• DoS – Denial of service is an attempt to make a machine
or network resource unavailable to its intended users,
such as making it temporarily unavailable from the internet.
• DDoS – Distributed denial of service is where the
attack comes from more than one source, often thousands of
unique IP addresses.
6. • Man-in-the-middle attacks
It is an attack where the attacker secretly intercepts the
conversation between two parties and gains access to
information that the two parties were trying to send each
other.
Application layer attacks
These are attacks where the attacker changes or disables the
functions or features of a website.
Trust exploitation
It is the attack to compromise is to compromise
Port redirection
In computer networking, port forwarding or port
mapping is an application of network address
translation (NAT) that redirects a communication
request from one address and port number
combination to another while the packets are
traversing a network gateway, such as a router or
firewall.
7. Virus
A piece of code which is capable of copying itself and
typically has a detrimental effect, such as corrupting the
system or destroying data.
Trojan horse
Trojan horse, or Trojan, in computing is any malicious
computer program which misrepresents itself as useful,
routine, or interesting in order to persuade a victim to
install it.
8. Network Sniffer
Packet sniffing is a technique of
monitoring every packet that crosses
the network.
[Figure: network diagram with Host A, Host B, Router A and Router B]
A network sniffer is also called a
packet sniffer.
9. A packet analyzer (also known as a packet
sniffer) is a piece of software or hardware
designed to intercept data as it is transmitted
over a network and decode the data into a
format that is readable for humans.
Wireless sniffers are packet analyzers
specifically created for capturing data on
wireless networks. Wireless sniffers are also
commonly referred to as wireless packet
sniffers or wireless network sniffers.
10. How does a Sniffer Work?
Sniffers also work differently depending on the
type of network they are in.
1. Shared Ethernet
2. Switched Ethernet
11. How can I detect a packet sniffer?
Ping method
ARP method
DNS method
12. Packet Sniffer Mitigation
The following techniques and tools can be used to
mitigate sniffers:
Authentication—Using strong authentication,
such as one-time passwords, is a first option for
defense against packet sniffers.
Switched infrastructure—Deploy a switched
infrastructure to counter the use of packet
sniffers in your environment.
[Figure: network diagram with Host A, Host B, Router A and Router B]
13. The following techniques and tools can be used to
mitigate sniffers:
Antisniffer tools—Use these tools to employ
software and hardware designed to detect the use
of sniffers on a network.
Cryptography—The most effective method for
countering packet sniffers does not prevent or
detect packet sniffers, but rather renders them
irrelevant.