1 / 12

Spoofing and Sniffing

vladimir
Download Presentation

Spoofing and Sniffing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Spoofing and Sniffing Notes from: Internet Security Professional Reference, 2nd ed National Computer Security Association New Riders Publishing

    2. Sniffing

    3. Spoofing

    4. Major Problems with Sniffing Any mischievious machine can examine any packet on a BROADCAST medium Ethernet is BROADCAST at least on the segments over which it travels Getting passwords is the first step in exploiting a machine email is plaintext and vulnerable

    5. Spoofing & OSI Penetration techniques exploit any and all levels of the model Attacks vary based upon the vulnerability at that level

    6. What does one sniff? passwords email financial account information confidential information low-level protocol info to attack hardware addresses IP addresses routing, etc

    7. Prevention of Sniffing Segmentation into trustworthy segments bridges better yet .. switched hubs Not enough “not to allow sniffing” easy to add a machine on the net may try using X-terminals vs workstations

    8. Prevention of Sniffing(more) Avoid password transmission one solution is r..family rlogin, rcp, rsh, etc put trusted hosts in .rhosts many SAs don’t want users to use them Using encrypted passwords Kerberos PGP public keys

    9. MAC level Spoofing Focus on ethernet (widespread use) Cards have unique addresses at manufacturer Many cards CAN be reconfigured by user bridge has no MAC address but sends with source address of the originator faking address has opportunity for mischief

    10. Prevention MAC spoofing VERY difficult Intelligent hubs can be made to expect certain MACs on ports but machines can still be swapped physical measures

    11. ARP spoofing What is ARP? IP->MAC mapping Make some machine think that the IP address it is searching for is you. How it works: Broadcast and ask if anyone knows Response is typically from that IP

    12. ARP spoofing (more) If 2 machines (real and fake) respond, effect depends on OS some OS overwrite earlier response other OS ignore unless it’s current entry expires Original can be disconnected by Power Wiring (connectivity)

    13. Prevention of ARP spoofing Basic Premise: ARP TRUSTS RESPONSE If the machine is one you need to trust: make a PERMANENT entry in arp cache arp -p ... Use an arp server Don’t let the machine respond for itself make administration a little more cumbersone but is probably worth it! but.. server can be spoofed

More Related