Packet Sniffers

Prepared By: Amer Alhorini
Supervised By: Dr. Lo'ai Tawalbeh
NYIT New York Institute of Technology

The Network Today

Packet Sniffers

[Figure: Host A, Router A, Router B, Host B]

• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are the packet sniffer features:
  • Packet sniffers exploit information passed in clear text. Protocols that pass information in the clear include the following:
    • Telnet
    • FTP
    • SNMP
    • POP
  • Packet sniffers must be on the same collision domain.

Packet Sniffer Mitigation

[Figure: Host A, Router A, Router B, Host B]

• The following techniques and tools can be used to mitigate sniffers:
  • Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
  • Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
  • Antisniffer tools—Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
  • Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
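The slides define a sniffer by its use of promiscuous mode and list antisniffer tools as a mitigation. The following Python script is an added example, not part of the original slides: it reports local interfaces that are up with the promiscuous flag set. It assumes a Linux host that exposes interface flags in /sys/class/net/<iface>/flags; the function names are hypothetical and the sample flag values are constructed.

```python
"""Added example: host-side check for the promiscuous-mode flag on Linux."""
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface receives all frames, not only its own

def read_flags(iface_dir):
    """Return the flag word stored in <iface_dir>/flags, or None if unreadable."""
    try:
        with open(os.path.join(iface_dir, "flags")) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        return None

def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """List interfaces under sysfs_root that are both up and promiscuous."""
    found = []
    try:
        names = sorted(os.listdir(sysfs_root))
    except OSError:
        return found  # not Linux, or sysfs not mounted
    for name in names:
        flags = read_flags(os.path.join(sysfs_root, name))
        if flags is None:
            continue  # entry without a readable flags file
        # A down interface cannot capture, so require IFF_UP as well.
        if flags & IFF_UP and flags & IFF_PROMISC:
            found.append(name)
    return found

def build_sample_tree(root):
    """Write constructed sample data that mimics /sys/class/net."""
    samples = {"eth0": "0x1103", "eth1": "0x1003", "lo": "0x9", "wlan0": "0x1102"}
    for name, flags in samples.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("sample tree:", promiscuous_interfaces(tmp))
    print("this host:", promiscuous_interfaces())
```

This check covers only the host it runs on. Bridges, virtual machine hosts and monitoring tools also set the flag legitimately, so a hit is a prompt to identify the owning process, not proof of a sniffer.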
Trends that Affect Security

• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation

Network Threats

[Figure: Attack Examples: Internet, Dial-in exploitation, Internal exploitation, Compromised host]

• There are four general categories of security threats to the network:
  • Unstructured threats
  • Structured threats
  • External threats
  • Internal threats

Four Classes of Network Attacks

• Reconnaissance attacks
• Access attacks
• Denial of service attacks
• Worms, viruses, and Trojan horses

Specific Attack Types

• All of the following can be used to compromise your system:
  • Packet sniffers
  • IP weaknesses
  • Password attacks
  • DoS or DDoS
  • Man-in-the-middle attacks
  • Application layer attacks
  • Trust exploitation
  • Port redirection
  • Virus
  • Trojan horse
  • Operator error
  • Worms

Reconnaissance Attack Example

• Sample IP address query
• Sample domain name query