Abstract:
Sniffing and spoofing are important techniques for analyzing a network and for gaining control of it. Sniffing is the electronic form of eavesdropping. Sniffing is the most effective technique used to attack a network and gain control of it. Sniffing captures network traffic, including packets, ports, etc., while spoofing is the technique of assuming the identity of another computer that has special privileges so as to gain control of the network. For hackers it is the most usable technique for gaining control of the network. Hackers first sniff the network to determine where the traffic comes from, then capture it and spoof the network.
Introduction:
Sniffing and spoofing are the most effective security threats that target the network infrastructure. Both work at a low level, supporting the applications that use the network. Sniffing is a passive security attack. The word comes from "sniff the ether", where the ether is the Ethernet network. Spoofing is an active security attack. Spoofing follows the term masquerade, which means fooling the other machines on the network into accepting another user as part of the real or original network. Spoofing disturbs the data and injects data that appears real or original to the other machines. The main difference between sniffing and spoofing is that sniffing does not interrupt or alter the data, but spoofing does. Sniffing can be used in a good or a bad manner. In a good manner it is used by a network analyzer to analyze the traffic from the main source to another source, whether it is in encrypted or unencrypted form. In a bad manner it is used by a hacker to capture data. The data can contain private information such as passwords, email IDs, various database records, the contents of mails, downloaded material, etc., which the hacker can easily use to do wrong things. Spoofing is done with the help of sniffing because with the help of sniffing it is more effective.
hacker's main task is to identify the machine or target. Sniffing is done by a tool called a sniffer. A sniffer captures all the packets.
1) ARP Based Sniffing. Address Resolution Protocol (ARP) is a network protocol. It is a stateless protocol. ARP based sniffing is done on a switched network. To use ARP based sniffing we need the two hosts we want to investigate, and we present ourselves to each of them as the other host, placing ourselves between the two. After selecting the hosts we poison the ARP cache of both. As soon as the ARP caches are poisoned the hosts connect, but instead of the traffic going directly to the other host it is sent to the administrator, who then logs the traffic and forwards it to the real host on the other side of the connection.
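A defender-side check for the poisoning described above, added here as an example and not part of the original paper: in a poisoned cache one MAC address answers for more than one IPv4 address. The function names dup_macs and sample_neigh and the sample neighbor table are constructed for illustration.

```shell
#!/bin/sh
# dup_macs: read `ip -4 neigh show` or `arp -an` output on stdin and print
# every MAC address that answers for more than one IPv4 address, followed
# by those addresses. IPv4 only, because a host's IPv6 neighbor entries
# legitimately share its MAC.
dup_macs() {
    awk '
    {
        mac = ""
        # `ip neigh` puts the MAC after "lladdr", `arp -an` after "at".
        for (i = 1; i < NF; i++)
            if ($i == "lladdr" || $i == "at") mac = tolower($(i + 1))
        # `arp` prints the address as "(a.b.c.d)" in field 2.
        ip = ($2 ~ /^\(/) ? $2 : $1
        gsub(/[()]/, "", ip)
        # Skip FAILED / <incomplete> entries and repeated pairs.
        if (mac !~ /^[0-9a-f:]+$/ || (mac, ip) in seen) next
        seen[mac, ip] = 1
        if (!(mac in ips)) order[++n] = mac
        ips[mac] = ips[mac] " " ip
        count[mac]++
    }
    END {
        for (k = 1; k <= n; k++)
            if (count[order[k]] > 1) print order[k] ips[order[k]]
    }'
}

# Constructed sample: the gateway (192.0.2.1) and another host (192.0.2.77)
# resolve to the same MAC, which is what a poisoned cache looks like.
sample_neigh() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.0.2.20 dev eth0 lladdr 02:00:00:aa:bb:20 STALE
192.0.2.77 dev eth0 lladdr DE:AD:BE:EF:00:01 REACHABLE
192.0.2.30 dev eth0  FAILED
EOF
}

sample_neigh | dup_macs
```

On a live host, pipe `ip -4 neigh show` or `arp -an` into dup_macs. A router with several addresses or proxy ARP also produces duplicates, so a hit is a reason to investigate rather than proof of poisoning.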
POP: Passwords and data are sent in clear text across the network.
FTP: Passwords and data are sent in clear text across the network.
IMAP: Passwords and data are sent in clear text across the network.
HTTP: The default version of HTTP has many loopholes. Basic authentication is used by many websites, which usually sends passwords across the wire in plain text. Many websites use a technique that prompts the user for a username and password that are sent across the network in plain text. Data is sent in clear text.
SNMP: SNMP traffic that is SNMPv1 has no good security. SNMP passwords are sent in clear text across the network.
NNTP: Passwords and data are sent in clear text across the network.
traffic intended for a specific host over each individual port, making it too difficult to sniff the entire network's traffic, but unfortunately this is not an option for wireless networks due to the nature of wireless communications.
The only way to protect wireless users from attackers who might be sniffing is to use encrypted sessions wherever possible: SSL for e-mail connections, SSH instead of Telnet, and Secure Copy (SCP) instead of File Transfer Protocol (FTP). To protect a network from being discovered with sniffing tools, it is important to turn off any network identification broadcasts and, if possible, close down the network to any unauthorized users.
Detecting a Sniffer:
Sniffers are a major source of contemporary attacks. The ifconfig command is used to detect if a sniffer has been installed.
The ifconfig command displays the current configuration of your network interface. Most Ethernet adaptors are configured to accept only messages intended for them. An attacker must set a computer's adaptor to promiscuous mode in order to listen to (and record) everything on its segment of the Ethernet. Antisniff scans networks to determine if any NICs are running in promiscuous mode. These detection tools should be run regularly, since they act as an alarm of sorts, triggered by evidence of a sniffer. Promqry 1.0, developed by Tim Rains at Microsoft, can be used to identify sniffers. According to Tim Rains, many network sniffer detection tools rely on bugs in the operating system and on sniffer behavior for their discovery work. Promqry is different in that it can query systems to learn if any have a network interface operating in promiscuous mode, a mode commonly used by network sniffing software. A command line version and a version with a GUI of Microsofts site. Promqry 1.0 is available at
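The promiscuous-mode check described above as a script, added here as an example and not taken from the original paper: it looks for the PROMISC flag in ifconfig output and for bit 0x100 (IFF_PROMISC) in the Linux /sys/class/net/<interface>/flags value. The function names and the sample ifconfig output are constructed.

```shell
#!/bin/sh
# IFF_PROMISC is bit 0x100 (256) of the Linux interface flags word.
IFF_PROMISC=256

# is_promisc_flags VALUE: succeed if the promiscuous bit is set in VALUE
# (decimal or 0x-prefixed hex, as printed by sysfs).
is_promisc_flags() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_from_ifconfig: read ifconfig output on stdin and print the name
# of every interface whose flag list contains PROMISC. Handles both the
# "flags=4419<...,PROMISC,...>" and the older "UP ... PROMISC ..." layout.
promisc_from_ifconfig() {
    awk '/^[^ \t]/ { name = $1; sub(/:$/, "", name) }
         /[<, ]PROMISC[>, ]/ { print name }'
}

# promisc_from_sysfs [DIR]: same check against the kernel's own flags word.
# ifconfig can miss promiscuous mode requested through a packet socket (the
# way libpcap-based capture tools ask for it); the sysfs value still shows it.
promisc_from_sysfs() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        if is_promisc_flags "$(cat "$f")"; then
            basename "$(dirname "$f")"
        fi
    done
}

# Constructed sample: eth1 is in promiscuous mode, eth0 is not.
sample_ifconfig() {
    cat <<'EOF'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.0.2.11  netmask 255.255.255.0  broadcast 192.0.2.255
EOF
}

sample_ifconfig | promisc_from_ifconfig
promisc_from_sysfs
```

An interface that is a bridge member or is used by a virtualization host is normally promiscuous, so compare the result with a known baseline for the machine.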
Spoofing Types:
1) IP Based Spoofing. IP address spoofing is a type of attack in which an attacker assumes the source Internet Protocol (IP) address of IP packets to make it appear as though the packet is coming from another valid IP address. In IP address spoofing, IP packets are generated with fake source IP addresses in order to impersonate other systems or to protect the identity of the sender. To explain this clearly, in IP address spoofing the IP address placed in the source field of the IP header is not the real IP address of the source computer where the packet originated. By changing the source IP address, the actual sender can make it look as if the packet was sent by another computer; the response from the target computer will therefore be sent to the fake address specified in the packet, and the identity of the attacker is also protected.
2) SMS Based Spoofing. SMS spoofing is a relatively new technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text. Spoofing has both legitimate uses (setting the company name from which the message is being sent, setting your own mobile number, or a product name) and illegitimate uses (such as impersonating another person, company, or product).
impersonate another network device. A user may wish to legitimately spoof the MAC address of a previous hardware device in order to reacquire connectivity after hardware failure.