General Security Concepts: Attacks • Chapter 2 79
Sniffing and Eavesdropping
Sniffing means eavesdropping on a network. A sniffer is a tool that enables a
machine to see all packets that are passing over the wire (or through the air on a
wireless network), even the ones not destined for that host. This is a very powerful
technique for diagnosing network problems, but it can also be used maliciously to
scan for passwords, e-mail, or any other type of data sent in the clear. For sniffing to
function, the sniffer program has to configure the network card in promiscuous mode,
which allows it to process all packets on the wire. Tcpdump is the most
common UNIX sniffing tool, and comes with many Linux distributions. Snoop is
the Solaris equivalent. These two programs are command-line-based, and will
simply begin dumping all of the packets they see, in a readable format. They are
fairly basic in their functionality, but can be used to gain information about
routing, hosts, and traffic types. For more detailed analysis than these command-line
tools offer, Wireshark from www.wireshark.org is a fully graphical sniffing program that has
many advanced features. One of the more powerful features of Wireshark is the
ability to reassemble TCP streams and sessions. After capturing an amount of data,
an attacker can easily reassemble Web pages viewed, files downloaded, or e-mail
sent, all with the click of the mouse. The threat from sniffing is yet another
argument for the use of encryption to protect any kind of sensitive data on a network.
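Because a sniffer has to put the network card into promiscuous mode, a host can be checked for that state. The following is an added example, not code from the original text: it reads the per-interface `flags` file that Linux exposes under /sys/class/net and reports interfaces with the IFF_PROMISC bit set. The sample interface names and flag values are constructed so the script runs offline.

```python
"""Report Linux interfaces whose IFF_PROMISC flag is set (defensive check)."""
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface receives all frames on the wire (linux/if.h)


def parse_flags(text):
    """Parse the hex string the kernel writes to <iface>/flags, e.g. '0x1103'."""
    return int(text.strip(), 16)


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted [(iface, flags)] for interfaces with IFF_PROMISC set."""
    found = []
    for iface in sorted(os.listdir(sysfs_net)):
        path = os.path.join(sysfs_net, iface, "flags")
        try:
            with open(path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            found.append((iface, flags))
    return found


def build_sample_tree(root):
    """Constructed sample data: a fake sysfs tree with three interfaces."""
    samples = {"lo": "0x9\n", "eth0": "0x1003\n", "eth1": "0x1103\n"}
    for iface, flags in samples.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags)
    # A stray regular file, as bonding_masters appears on real systems.
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for iface, flags in promiscuous_interfaces(tmp):
            state = "up" if flags & IFF_UP else "down"
            print(f"{iface}: promiscuous ({state}, flags={flags:#x})")
```

Calling `promiscuous_interfaces()` with no argument checks the live system. Bridge member ports and legitimate monitoring tools also set this flag, so a hit is a prompt to identify the process responsible rather than proof of malicious sniffing.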
Another type of eavesdropping relies on the use of keyloggers. These are
programs that run hidden in the OS, and record all keys typed by the user. Passwords,
accounts, usernames, and more can be discovered with a keylogger running on an
unsuspecting machine. Some keyloggers even take screenshots at regular intervals
and send them to the owner of the program (or attacker). To protect against
keyloggers, you should regularly run an anti-virus and anti-spyware program on
desktop computers.
Password Attacks
Password attacks are extremely common, as they are easy to perform and often
result in a successful intrusion. There are two basic types of password guessing that
can be performed: brute force or dictionary-based attacks. Each of these methods is
explained in detail in the following sections. Remember that the simplest password
attack is just guessing passwords. If the attacker knows the victim well,
personal information like birthdays, children’s names, pets, and hobbies can be used
to make educated guesses. Always create a password that cannot be associated with
yourself.
www.syngress.com