10.1 - Sniffing

 10.1 - Sniffing 

 

Key Terms 

    • Sniffing – The process of collecting information as it crosses the network. 
    • Promiscuous mode – Turning on promiscuous mode gives the network interface permission to grab every frame that comes its way. 
    • MAC spoofing – Changing the MAC address of the interface driver to impersonate another host on the network. 
    • MAC flooding – Overloading a switch’s CAM table in hopes that it will respond by broadcasting all traffic. 
    • ARP poisoning - Sending spoofed messages onto a network to associate your MAC address with another host's IP address. 
    • Port mirroring – Creating a duplicate of all network traffic on a port and sending it to another device. 

 

Vulnerable Protocols 

Packets that are being sent with less secure protocols can be intercepted more easily. For example, SMTP, POP3, FTP, IMAP, HTTP, and Telnet are all examples of protocols without proper security setup. This is because these protocols rely on security measures being used on a different layer. 

 

MAC Spoofing 

NIC MAC addresses are hardcoded into the network interface card. However, it is possible to change the network driver’s MAC address. This allows a hacker to pose as another client and steal network traffic. 

 

MAC Flooding 

Switches store MAC addresses inside a CAM database. These MAC addresses relate to ports which are used by the correct nodes. Hackers can flood the CAM table with MAC addresses to fill it up. This causes the switch to broadcast all traffic to every port, essentially turning it into a hub. 

 

ARP Poisoning 

The address resolution protocol (ARP) maps IP addresses to MAC addresses and provides the most efficient path for data transmission. ARP broadcasts are permitted to freely roam around the network. Hackers can abuse this and send spoofed messages to associate their MAC addresses with a different IP address, preferably the default gateway. 

 

Port Mirroring 

Port mirroring creates a duplicate of all network traffic across a port and sends it to another device. This device is controlled by a hacker. 

 

Sniffing Countermeasures and Detection 

Network intrusion systems can alert network administrators of attacks on the network. These systems search for anomalies in network traffic and can detect a wide range of attack methods. Physical security should also be implemented to protect server rooms and WAPs. Network security configurations can be made such as switching to IPv6, using secure protocols, encrypting sensitive traffic, and implementing switched networks. Switches should be configured to segment network traffic, enable port security, shut down ports with overflowing MAC addresses, and allow DHCP snooping. 

Comments

Post a Comment

Popular posts from this blog

OSA Summer 2023 Mock - Task 1, Assignment 1

Image
  OSA Summer 2023 Mock – Task 1           Legal requirements   The company must ensure they are compliant with the correct legislation whilst the project is undertaken.   If any person is working at height, the correct safety measures to prevent injury or death must be imposed under The Work at Height Regulations 2005. They must have an appropriate safety harness on and hazardous areas at height should be i dentified in the risk assessment.   By storing data internally on a local file server, the business is responsible for maintaining the confidentiality, availability and integrity of that data. They must comply with The Data Protection Act 2018 and General Data Protection Regulations.   Display screen equipment regulations (DSE) should be considered when installing workstations. Ergonomic and posture-friendly chairs should be installed and employees given appropriate breaks from working around screens.     Data p...
Read more

OSA Assignment 1 - Task 1 GUIDE

  OSA Assignment 1 – Task 1 Guide     Exam parameters   Time length – 3 hours   Marks available – 20     Task 1: Planning   In this task you are required to submit :   A project plan   Gantt chart showing th e critical path   Explanation of legal requirements   Physical and digital threat countermeasures   Annotated floor plan     Gantt Chart   The Gantt Chart is the first document you should create. This details each phase of the project alongside the timescale to complete it.   Ensure you make a note of the deadline for the project along with any pre-requisites such as cabling. This should all be implemented into your Gantt Chart.   You can follow a layout like this:   Project:   Pre considerations (Gathering project timescale, risk assessments, ...)   Planning (Devising project plan, identifying budget, ...)   Design (Research hardware, identify topology, ...)   Pre ...
Read more

Useful Core A Acronyms

  Useful core A acronyms     NGO – Non governmental organisation   KPI – Key performance indicator   USP – Unique selling point   CRM – Customer relationship management   Saas – Software as a service   CAB – Change advisory board   SMARTER – Specific, measurable, accurate , realistic, time-bound, evaluate, re-evaluate   IPO – Intellectual property office   RCD – Registered community designs   UCD – Unregistered community designs   TNA – Training needs analysis   PRR – Post project reviews   COBC – Code of business conduct   BCS – British computing society   ML – Machine learning   CVS – Computer vision syndrome   RSI – Repetitive strain injury   DSE – Display screen equipment   HSE – Health and safety executive   ODD – Optical disk drive   RPM – Revolutions per minute   CPU – Central processing unit   RAM – Random access memory   EMI – Electromagnetic inter...
Read more