Temple University

Week 6 Reading Summary and Article

1 Key Point:

The reading for this week discusses packet sniffing in both switched and non-switched environments. It explains ARP spoofing, which is done mainly through a man-in-the-middle attack in which the attacker poisons the ARP cache with their own information, intercepting data between the target machines. Tools such as Ettercap and Cain were also mentioned, in particular how they highlight sensitive areas of sniffed traffic, namely usernames and passwords.

Steps to mitigate threats from packet sniffing include detecting packet sniffers (using software), locking down the network environment (i.e., VLANs), and encryption or IPsec. The latter is the most viable.
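To make the ARP cache poisoning described above concrete from the defender's side, here is an added example (not from the reading or the course material) that scans observed ARP replies for the two signs poisoning leaves behind: an IP address that suddenly maps to a different MAC, and one MAC answering for several IPs. The addresses, the sample data and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
SAMPLE_REPLIES = [
    (0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway, legitimate binding
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
    (5, "192.168.1.1", "DE:AD:BE:EF:00:66"),   # gateway now maps to a new MAC
    (5, "192.168.1.20", "de:ad:be:ef:00:66"),  # same MAC also claims .20
    (9, "192.168.1.30", "aa:aa:aa:aa:aa:30"),  # unchanged, no alert
]


def find_arp_anomalies(replies):
    """Return alerts for IP-to-MAC rebinding and for one MAC claiming many IPs."""
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # MACs are case-insensitive
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            # The binding a host would cache has been overwritten.
            alerts.append(("rebind", ts, ip, known, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # A man-in-the-middle host answers for both victims.
                alerts.append(("multi_ip", ts, mac, sorted(mac_to_ips[mac])))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Both signals also occur legitimately (DHCP reassignment, a replaced network card, routers doing proxy ARP), so alerts like these are a starting point for investigation and work best alongside the encryption the reading recommends.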

Question:

Why is replacing insecure protocols not feasible in some settings? Do the benefits of using insecure protocols outweigh the security risks they pose?

Article:

Security firm discovers Linux botnet that hits with 150 Gbps DDoS attacks

http://www.engadget.com/2015/09/29/linux-botnet-hits-with-150-gbps-ddos/

A Linux-based botnet spreads via malware through embedded devices and gains SSH access. It then pulls down the botnet software and propagates.

The botnet is capable of driving a very high volume of traffic every minute at its targets, bringing them down as a result. Linux machines need to be hardened more than ever.

 
