Eastern Michigan University - PowerPoint PPT Presentation

Loading...

PPT – Eastern Michigan University PowerPoint presentation | free to view - id: 7888c2-MzE2N



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Eastern Michigan University

Description:

Eastern Michigan University Asad Khailany , Eastern Michigan University Dmitri Bagatelia , Eastern Michigan University Wafa Khorsheed , Eastern Michigan University – PowerPoint PPT presentation

Number of Views:74
Avg rating:3.0/5.0
Slides: 29
Provided by: emic158
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Eastern Michigan University


1
Eastern Michigan University
  • Asad Khailany , Eastern Michigan University
  • Dmitri Bagatelia , Eastern Michigan University
  • Wafa Khorsheed , Eastern Michigan University

2
Do You Want to become a Hacker?
  • Now you can get an MS degree specializing on
    hacking techniques from a university in Paris
    France.
  • Do not miss this golden opportunity!
  • Soon you will see your institution also offers a
    degree in hacking techniques

3
ABSTRACT
  •   Computers on the network normally only listen
    to communications destined to them.
  • However, when they enter promiscuous mode they
    can listen to all communications whether destined
    or not destined to them.
  •   Computers are put into the promiscuous mode by
    installing software package known as packet
    Sniffers.

4
ABTRACT
  •    Sniffers are the best tools for hackers to
    attack computers.
  • Network administrators use Sniffers for network
    troubleshooting and security analysis. Many
    sniffing and anti sniff packages available on the
    Internet for download.
  •  This paper discusses sniffing and anti
    sniffing, their advantages and disadvantages, and
    presents some recommendations to make network
    systems and their data more secure.

5
INTRODUCTION
  • A computer to be able to listen to all
    communications on the network must be in a
    multi-partners mode. Such mode is known as the
    promiscuous mode
  •    Through packed Sniffers computers can
    transfer to the promiscuous mode.
  •      Attackers love packet Sniffere.
  •    Sniffers are valuable tools needed by network
    administrators to do network trouble shooting, to
    perform network security analysis and to measure
    the performance of network system.

6
INTRODUCTION - 2
  •   Sniffers are used by law enforcement agencies
    to monitor network systems.
  •   Anti sniff packages are available to determine
    whether or not a suspected remote computer is
    listening in to all communications on the
    network.
  •    Several methods utilized by anti sniff
    package to identify suspected computers on the
    network are discussed in this paper.

7
What sniffing packages used for?
  • Sniffing packages used for
  •         Network traffic analysis to
  • 1.    Identify the type of network application
    used.
  • 2.    Identify the hosts using the network.
  • 3.    Identify the bottlenecks.
  • 4.  Capture data sniffing packages used for
  • troubleshooting of network applications.
  • 5.    Create network traffic logs.

8
More usages of sniffing packages
  •   Gathering private data such as passwords,
    credit cards information, email messages, .. etc.
  •    Establishing connection with senders while
    using authentication provided by receiver.
  •     Modifying and resending data to recipients.

9
SNIFFERS AND NETWORK ARCHITECTURES
  • Sniffing is possible because most network
    architectures use shared medium and protocols
    that presume only intended computer receives and
    reads the message.

10
Case Ethernet architecture
  • Computer A sends a message to Computer C.
    Since all computers share the same line Computers
    B and D can listen to messages if they are in
    promiscuous (multi partner) mode. In this case
    the message was not change but the privacy was
    compromised since data was only copied and not
    modified.

11
Case Routed network
  • Routed protocol, means that sent message might
    be handled by several hosts.
  • Any of the hosts can copies the message or
    changes the message and forwarded to others
    hosts. The final recipient of the message will
    never know that the message was modified. Thus
    the security risk taking in routed protocol is
    much greater than Ethernet architecture.

12
DIFFERENT METHODS FOR DTECTING ACTIVE SNIFFERS
  • Theoretically it is impossible to detect active
    Sniffers if they only listen without sending
    anything i.e. if they are in passive mode.
    Practically there are some methods can be used to
    identify suspected computers that are trying to
    listen to messages not intended for them.
  • Some Popular Methods To Identify Suspected
    Computers Are

13
1. PING METHOD.
  •         A computer is uniquely identified on the
    network by its serial number of its network
    computer card. This hardware address is called
    MAC (Media Access Control address).
  •         Sniffer always turns off MAC filter on
    its host device, thus it can receive all messages
    that are intended or not intended for that
    device.

14
1. PING METHOD.
  • How to identify suspected computers ?
  •         Send a message to the suspected device
    using a wrong MAC address and a corrected IP
    address, the device should not respond if it has
    MAC address filter on, but if it runs in a
    promiscuous mode it will respond to the message.
    Thus a computer, which is listening, is
    identified.
  • New problems to be solved
  •         The newer sniffer devices/programs have
    built-in filters, which prevent such kind of
    responses.

15
2. ARP Address Resolution Protocol METHOD.
  • ARP is a TCP/IP protocol maps an IP address into
    physical address.
  • The ARP method uses arp packets.
  • On a network when a computer sends arp request to
    a broadcast address, all those computers see that
    request send an arp answer with their IP to MAC
    address mapping.
  • How suspected computers identified?
  • If such request is sent to a regular
    non-broadcast address, there should not be any
    reply, if a reply is received that computer will
    be a suspected sniffer device.

16
3. DNS METHOD.
  • The DNS method works on the
    assumption that many attackers use IP addresses
    to find DSN names.
  • Most sniffer programs have a feature
    to do a reverse DNS lookup using an IP to get the
    hostname.
  • How suspected computers identified?
  • An anti sniff package places itself
    in a promiscuous mode and sends a message to
    fictitious hosts such as charge BankC.com. The
    address of all computers that use reverse lookup
    request referencing the fictitious hosts are
    flagged as being suspected computers.

17
4. SOURCE-ROUTE METHOD
  • IP header has an option of loose source routing.
  • Routers ignore destination IP address and instead
    will forward message to the next IP in
    source-route option.
  • How to identify suspected computers ?
  • Turn off packet routing on a specific computer
    and the packet should be dropped at that
    computer. A computer that sniffs messages
    responds to such message that the packed was
    dropped on the computer, which the package was
    dropped.
  • For instance, you send a message from computer A
    to computer B, but you route it through computer
    C first. If you turn off packet routing on
    computer C, then packet should be dropped. Thus,
    if computer B responds to such message, that was
    dropped at C, it means computer B sniffed the
    message.

18
5. DECOY METHOD.
  • This method sets up a victim computer that will
    repeatedly run script to login to a remote server
    using a dummy account with no real permissions,
    and try to find any hacker who tries to use that
    dummy account to login to the remote server.
  • How to identify suspected computers?
  •         Setup a victim computer that will
    repeatedly run script to login to a remote server
    using a dummy account with no real permissions.
  •         Any hacker who gets such login
    information tries login to remote server.
  •         Any login attempt not originated from
    the victim computer indicates that someone was
    sniffing on your network and stole that account
    number information.

19
6. OTHER METHODs.
  • There are many more methods that can be used to
    detect sniffing activities
  • None works 100 of the time, because hackers
    already know them and try to work around those
    detection methods.
  • One of the among the best software packages
    that use all the above methods to find sniffing
    activities is
  • AntiSniff package (http//www.securitysoftwaretec
    h.com/antisniff/)

20
Protocols targeted for sniffing by hackers
  • Protocols that transmit data in plain text
    format make it easy for hackers to get what they
    want. Some of protocols targeted for sniffing
    are
  • 1.     telnet
  • 2.     rlogin (user sessions and passwords)
  • 3.     HTTP(passwords, web-based emails)
  • 4.     Simple Network Management Protocol
    (passwords)
  • 5.     Network News Transfer Protocol
    (passwords)
  • 6.     Post Office Protocol (passwords, emails)
  • 7.     File Transfer Protocol (passwords)
  • 8.     Internet Message Access Protocol
    (passwords, emails).

21
METHODS TO ENFORCE NETWORK SECURITY
  • switched network
  • Use of switched network eliminates use of
    shared wire.
  • Switch knows the location of every device on
    the network, and sends data directly to the
    intended recipient without transmitting the
    message all over the network.
  • The diagram in the next slide compares two
    network of computers one interconnected by a hub
    and the other interconnected by a switch.

22
Switch And Hub Networks
Hub
Switch
  •  
  • Hubs send communications to all
  • connected computers.
  • Switch, on the other hand,
    remembers what
  • computer is connected to what port
    on the
  • switch, thus it forwards message
    only to one
  • computer.

23
Data encryption Method
  •    This one of the oldest security routines used
    to enforce security.
  •    Many software algorithms and software
    packages are available to encrypt data.
  •    You can encrypt you messages before sending
    them, e.g. PGP (Pretty Good Privacy) is being
    used to encrypt email messages.
  • You can choose a secure protocol with
    built-in encryption schemes, e.g. SSH (Secure
    Shell) instead of telnet of rlogin.

24
Some disadvantages of encrypting over plain text
messages
  •    Encrypting increases the message size as
    well as response time, since message has to be
    not only encrypted on one end, but also decrypted
    by the recipient on the other end.
  •   It might not be a reasonable solution for
    some setups that require very high response time.

25
Some important usages of sniffing methods
  • Sniffing methods can be used for
  •   Network management.
  •  Traffic analysis can identify who is using what
    network resource in what way. For instance, you
    can identify users who use most of your
    bandwidth, then you can find out whether they use
    it for a legitimate purpose or not.
  •   Because most network applications use fixed
  • port numbers you can filter traffic and
    identify software that are being used..
  •   Maximizing network performances.

26
More usages of sniffing methods
  • Not all packets capturing is intended to
    compromise security. For instance, during
    programming of a network application programmers
    might want to see the network traffic that local
    computer generates, so that troubleshooting of
    the application can go much faster.
  •    It is also possible to use sniffer to create
    log of all network traffic, so that serve as
    evidence in case security is compromised on some
    other system on the network. Those logs can be
    used to track down the intruders and to support
    legal action to bring those hackers to justice.

27
CONCLUSION
  •  The security threat that sniffers pose can be
    minimized using combination of switched networks
    and encryption.
  • Sniffers can be sometimes detected using
    sniffing detection software.
  •   Network professionals to manage networks for
    identifying problems and monitoring usage of
    network resources have used sniffers for a long
    time.
  • Hackers utilize Sniffing packages to attack
    networked computers to steal information.
  •   It may be impossible to make sure that no one
    uses sniffing packages against you, but it is
    important to make sure that unauthorized people
    could not get useful information.

28
REFERENCES.
  • 1. Web Server Security, Maintenance by Eric
    Larson Bruan
  • 2.http//lin.fsid.cvut.cz/kra/index.html
  • 3. http//www.eeye.com/
  • 4. http//neworder.box.sk/
  • 5. http//www.securitysoftwaretech.com/
  • 6. http//www.winsniffer.com/
  • 7. http//www.snifferpro.co.uk/
  • 8. http//stein.cshl.org/lstein/talks/WWW6/sni
    ffer/
  • 9. http//www.atstake.com/
  • 10. http//www.swrtec.de/clinux/
  • 11. http//stein.cshl.org/lstein/talks/WWW6/snif
    fer/
About PowerShow.com