Temple University

Week 6 Reading Summary and In the News

Reading Summary: SNIFFERS

Sniffing is the capture of frames and packets on a network in order to extract information of interest: MAC addresses, the IP addressing scheme, the TCP/IP protocols in use, open port numbers and, when traffic is unencrypted, the payload itself. Packet sniffers were built for legitimate purposes such as administration, troubleshooting and traffic monitoring, but the same tools serve an attacker who wants to map or disrupt a network.

On a non-switched network (a hub, or a shared wireless medium) sniffing is easy: every frame is repeated to every station, so a NIC placed in "promiscuous" mode sees all traffic on the segment. On a switched network it is harder, because a managed switch forwards each frame only to the port on which the destination MAC address was learned. An attacker then needs either a mirror (SPAN) port on the switch or a man-in-the-middle position, obtained with active techniques such as ARP spoofing or flooding the switch's MAC table until it falls back to broadcasting.

Captured data can reveal weaknesses in network communication, for example a cleartext or otherwise weak protocol on an open port, that can be exploited in a later attack. A capture is decoded layer by layer into protocol data units (PDUs) following the OSI model, from the Layer 1/2 frame up through the Layer 3 packet and Layer 4 segment to the Layer 7 application data, so the exact fields of each layer can be read.

ARP spoofing (ARP poisoning) is one way to obtain the man-in-the-middle position on a switched LAN: the attacker sends forged ARP replies that map the victim's IP address (typically the default gateway's) to the attacker's own MAC address, so other hosts on the segment send their traffic to the attacker, who can read it and forward it on while masquerading as the legitimate host. The related IP spoofing attack forges the source IP address of packets instead.

Defences exist at several layers. Firewalls such as the Cisco ASA can apply ACLs and anti-spoofing ingress filtering so that a packet arriving on the outside interface with an internal source address is dropped. Inside the LAN, switch port security limits the MAC addresses allowed per port (which defeats MAC flooding), and features such as Dynamic ARP Inspection or static ARP entries defeat ARP poisoning. Encrypting data in motion (TLS, SSH, IPsec) remains the most robust protection, because a sniffer that does capture the traffic learns only addressing metadata, not content.
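To make the layer-by-layer decoding and the ARP-spoofing attack concrete, here is an added Python example; it is not code from the reading or from the original post. It parses the Ethernet header (Layer 2 PDU) and the ARP PDU from raw frames, keeps an IP-to-MAC table, and flags a reply whose sender MAC disagrees with what was learned earlier or with the frame's own Ethernet source. All frames, addresses and names (the 10.0.0.0/24 hosts, the gateway and attacker MACs) are constructed for the demonstration and stand in for what a promiscuous-mode capture would deliver.

```python
"""Decode Ethernet + ARP frames and flag ARP-poisoning attempts.

Constructed example: the frames below are built in-process; on a live
network they would come from a promiscuous-mode capture instead.
"""
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def parse_ethernet(frame):
    """Layer 2 PDU: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType, payload."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "type": ethertype, "payload": frame[14:]}


def parse_arp(payload):
    """ARP PDU for Ethernet/IPv4: fixed 28-byte layout (RFC 826)."""
    (htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Build a complete ARP reply frame.  eth_src lets a test craft a frame
    whose Ethernet source differs from the ARP sender field."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac),
                      mac_bytes(eth_src or sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


class ArpSpoofDetector:
    """Learns IP->MAC bindings from ARP traffic and reports inconsistencies."""

    def __init__(self):
        self.bindings = {}  # ip -> mac learned from the first ARP seen

    def observe(self, frame):
        """Return a list of alert strings for this frame (empty if benign)."""
        eth = parse_ethernet(frame)
        if eth["type"] != ETHERTYPE_ARP:
            return []
        arp = parse_arp(eth["payload"])
        alerts = []
        # A forged reply often carries an ARP sender MAC that does not match
        # the MAC the frame was actually sent from.
        if arp["sender_mac"] != eth["src"]:
            alerts.append(f"L2/ARP mismatch: frame from {eth['src']} claims "
                          f"sender {arp['sender_mac']} for {arp['sender_ip']}")
        known = self.bindings.get(arp["sender_ip"])
        if known is None:
            self.bindings[arp["sender_ip"]] = arp["sender_mac"]
        elif known != arp["sender_mac"]:
            alerts.append(f"ARP poisoning suspected: {arp['sender_ip']} moved "
                          f"from {known} to {arp['sender_mac']}")
        return alerts


def demo():
    """Constructed traffic: a genuine gateway reply, then an attacker's forgery."""
    gateway_ip, victim_ip = "10.0.0.1", "10.0.0.50"
    gateway_mac, victim_mac = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:50"
    attacker_mac = "de:ad:be:ef:00:01"
    detector = ArpSpoofDetector()
    genuine = build_arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip)
    forged = build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip)
    return [detector.observe(genuine), detector.observe(forged)]


if __name__ == "__main__":
    for alerts in demo():
        print(alerts or "no alert")
```

The first observed binding is trusted, which is the same weakness real switches' ARP caches have; in production the table would be seeded from DHCP snooping or a static inventory, which is exactly what Dynamic ARP Inspection does on a switch.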

 

Question to the Class:

What is the best sniffing tool in terms of simplicity and quality?

 

In The News:

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

http://thehackernews.com/2015/09/xor-ddos-attack.html
