Week 6: Sniffers and what’s in the News.
Different sniffing techniques can be applied in switched and non-switched environments. ARP spoofing techniques and tools are available that allow an attacker to conduct network reconnaissance. This method has proven very effective in a switched environment, with fairly good accuracy. The tools have built-in logic that allows many network protocols to be decoded, they can filter the sniffed traffic on the fly, and they highlight sensitive information such as usernames and passwords, which has dangerous implications.
Eavesdropping on network traffic is more challenging in a switched environment because a switch only sends network traffic to the machine it is destined for; with the right tool, this protection can be overcome.
A non-switched environment is vulnerable to packet sniffing if the organization is not employing strong encryption, which can slow down and even stop certain sniffing and password cracking attacks. For example, the most widely used encrypted protocol, which happens to be vulnerable to sniffing and cracking attacks, is Microsoft’s LAN Manager protocol. Multiple MS LM iterations have been released in an effort to address this vulnerability, but it is still penetrable, and data can be infiltrated and/or exfiltrated.
There are ways to mitigate the risk of sniffing tools, however, and it starts with locking down the network environment. Locking down the environment is one of the more holistic ways to secure the network. Using software applications and virtual LANs to control and divide a network into logical segments is one way. That being said, they are still vulnerable to sniffing; therefore, the most viable solution to protect against packet sniffing is encryption using IPSec.
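
A defensive check for the ARP spoofing described above, as an added example that is not part of the original post: it parses captured Ethernet/ARP frames and flags any IP address that is later claimed by a different MAC address. The function names, addresses and sample frames are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return opcode, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_arp_conflicts(frames):
    """Flag frames where an IP address is claimed by a MAC other than the first one seen."""
    first_seen = {}                          # ip -> MAC that first claimed it
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            alerts.append((index, ip, known, mac))
    return alerts

def sample_frame(opcode, src_mac, src_ip, dst_mac, dst_ip):
    """Build constructed test data only; nothing here touches the network."""
    smac = bytes.fromhex(src_mac.replace(":", ""))
    dmac = bytes.fromhex(dst_mac.replace(":", ""))
    header = dmac + smac + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return header + body + smac + socket.inet_aton(src_ip) + dmac + socket.inet_aton(dst_ip)

# Constructed sample capture (documentation addresses, locally administered MACs).
SAMPLE = [
    sample_frame(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    sample_frame(2, "02:00:00:00:00:0a", "192.0.2.10", "02:00:00:00:00:01", "192.0.2.1"),
    b"\x00" * 20,                            # truncated frame, ignored
    sample_frame(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
]

if __name__ == "__main__":
    for index, ip, old, new in find_arp_conflicts(SAMPLE):
        print(f"frame {index}: {ip} was {old}, now claimed by {new}")
```

A legitimate change, such as a replaced network card or a failover address moving between hosts, raises the same alert, so each hit needs to be checked against known changes.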
What’s in the News:
Attackers have developed a botnet capable of 150+ gigabit-per-second (Gbps) distributed denial of service (DDoS) attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems.
To find out more, please click on the link below: