Sie sind auf Seite 1von 15

SNIFFERS, SNIFFING, SPOOFING

AND VULNERABLE PROTOCOL

Submittted to Prof. Piyush Shukla

Submitted by Prashant Sharma

CONTENTS Sniffers Spoofing Forms of spoofing Sniffing Types of sniffing tools Sniffing method Vulnerable protocol Cross site scripting SQL injection bibliography

SNIFFERS

Sniffers or packet analyzer is computer program or piece of hardware that can intercept or log traffic passing over a digital network or part of a network
Packet travels across the network so sniffer decodes each packet

SPOOFING

Action that make an electronic transmission appear to originate from where that it does not Spoofing is the process of creating TCP/IP packet using somebody else IP address Spoofing can be used to steal important update

FORMS OF SPOOFING

IP spoofing It is act of manipulating the header in a transmitted message to mask a hackers true identity URL spoofing It occurs when one website appear as it is another. The URL appear is not the real URL of website

Email spoofing It is act of altering the header of an Email so that email appears to be sent from some one else

SNIFFING

Sniffing is the technique of monitoring every packet that cross the network Wire shark is an example of a sniffing tool use for sniffing Theoretically it is impossible to detect sniffing tool because they are passive in nature

TYPES OF SNIFFING TOOL

Commercial packet sniffer They help to maintain network by analysis bottleneck and intrusion detection to monitor for attack Underground packet sniffer They are used by the attackers to gain unauthorized access

SNIFFING METHODS

IP based sniffing It is the original form of snipping . It work by putting machine into promiscuous mode and sniffing all packets matching the IP address filter

MAC based sniffing It works by putting the machine in promiscuous mode and matching all packets with MAC address filter Suitable for non switched network

..

ARP based sniffing It does not put network card in promiscuous mode because ARP protocol is stateless. Sniffing can be done in switched network

VULNERABLE PROTOCOL

Protocols implemented in TCP/IP model layers are vulnerable Example of these kind of vulnerabilities are 1. cross site scripting 2. SQL injection

CROSS SITE SCRIPTING

It is an security vulnerability in which one site say A can create a program (or script) that they can trick you running on another site B It is of two types 1. Persistence 2. Non persistence

SQL INJECTION

This is the case of command injection Used in e-commerce and database applications

In database it is possible to construct a valid SQL statement that is significantly different from desired command and execute query that are intended

EXAMPLE OF SQL INJECTION


SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond' assume that the user enters the following: Redmond'; drop table OrdersTable- In this case, the following query is assembled by the script: SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable-

BIBLIOGRAPHY www.howstuffworks.com www.wikipedia.org www.traffeng.net www.netsecure.edu Computer network by Kurose and Ross

Das könnte Ihnen auch gefallen