This document discusses packet sniffers and network security. It provides details on how packet sniffers work by capturing all network packets using a network adapter in promiscuous mode. It notes protocols like Telnet, FTP, SNMP, and POP that pass information in clear text that can be exploited. It then describes techniques to mitigate packet sniffers like authentication, switched infrastructure, and antisniffer tools. The document outlines trends affecting security and categories of network threats and attacks like reconnaissance, denial of service, and worms/viruses. Specific attack types are listed and examples of reconnaissance attacks through IP and domain queries are shown.
3. Packet Sniffers
[Figure: Host A and Host B connected through Router A and Router B]
• A packet sniffer is a software application that uses a network adapter card
in promiscuous mode to capture all network packets. The following are the
packet sniffer features:
Packet sniffers exploit information passed in clear text. Protocols that pass
information in the clear include the following:
• Telnet
• FTP
• SNMP
• POP
Packet sniffers must be on the same collision domain.
4. Packet Sniffer Mitigation
[Figure: Host A and Host B connected through Router A and Router B]
• The following techniques and tools can be used to mitigate sniffers:
Authentication—Using strong authentication, such as one-time passwords, is a first
option for defense against packet sniffers.
Switched infrastructure—Deploy a switched infrastructure to counter the use of
packet sniffers in your environment.
Antisniffer tools—Use these tools to employ software and hardware designed to
detect the use of sniffers on a network.
Cryptography—The most effective method for countering packet sniffers does not
prevent or detect packet sniffers, but rather renders them irrelevant.
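As an added example (not from the slides), a small Python audit that decodes a constructed capture and inventories which flows on the segment still use the clear-text protocols listed above, versus encrypted ones that a sniffer can only see as opaque bytes. The frames, addresses, ports and payloads are constructed for this illustration.

```python
import struct
from collections import Counter

# Well-known ports for the clear-text protocols named on the slides, plus two encrypted counterparts for contrast.
CLEAR_TEXT_PORTS = {23: "Telnet", 21: "FTP", 161: "SNMP", 110: "POP3"}
ENCRYPTED_PORTS = {22: "SSH", 995: "POP3S"}

def build_frame(proto, src_port, dst_port, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame (sample input only)."""
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 0xFFFF, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\xff" * 6 + b"\xaa" * 6 + b"\x08\x00" + ip + l4 + payload

def classify_frame(frame):
    """Decode one frame; return (protocol name, exposure, payload) or None."""
    if frame[12:14] != b"\x08\x00":          # only IPv4 is handled here
        return None
    ihl = (frame[14] & 0x0F) * 4               # IP header length in bytes
    proto = frame[14 + 9]                      # 6 = TCP, 17 = UDP
    l4 = frame[14 + ihl:]
    src_port, dst_port = struct.unpack("!HH", l4[:4])
    hdr_len = (l4[12] >> 4) * 4 if proto == 6 else 8
    payload = l4[hdr_len:]
    for port in (dst_port, src_port):          # match the well-known side
        if port in CLEAR_TEXT_PORTS:
            return CLEAR_TEXT_PORTS[port], "clear text", payload
        if port in ENCRYPTED_PORTS:
            return ENCRYPTED_PORTS[port], "encrypted", payload
    return f"port {dst_port}", "unknown", payload

def audit_capture(frames):
    """Count frames per (protocol, exposure): what a sniffer on this segment could read."""
    counts = Counter()
    for frame in frames:
        result = classify_frame(frame)
        if result:
            counts[(result[0], result[1])] += 1
    return counts

SAMPLE_CAPTURE = [  # constructed frames, not a real capture
    build_frame(6, 40001, 23, b"login: admin\r\n"),
    build_frame(6, 40002, 21, b"USER alice\r\n"),
    build_frame(17, 40003, 161, b"\x30\x0c\x02\x01\x00"),
    build_frame(6, 40004, 110, b"USER bob\r\n"),
    build_frame(6, 40005, 22, b"\x17\x03\x01\x00\x2a\x8f\x11"),
]
```

Running `audit_capture(SAMPLE_CAPTURE)` shows four clear-text flows whose payloads (logins, community strings) are readable as captured, and one SSH flow whose payload is not; the audit is the inventory used to decide which services to move to their encrypted counterparts.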
5. Trends that Affect Security
• Increase of network attacks
• Increased sophistication of attacks
• Increased dependence on the network
• Lack of trained personnel
• Lack of awareness
• Lack of security policies
• Wireless access
• Legislation
• Litigation
6. Network Threats
• There are four general categories of security threats to the
network:
Unstructured threats
Structured threats
External threats
Internal threats
[Figure: attack examples; labels: Internal exploitation, External exploitation, Internet, Dial-in, Compromised host]
7. Four Classes of Network Attacks
Reconnaissance attacks
Access attacks
Denial of service attacks
Worms, viruses, and Trojan horses
8. Specific Attack Types
• All of the following can be used to compromise your system:
Packet sniffers
IP weaknesses
Password attacks
DoS or DDoS
Man-in-the-middle attacks
Application layer attacks
Trust exploitation
Port redirection
Virus
Trojan horse
Operator error
Worms