In this article, we will discuss what a sniffing attack is and how you can protect yourself or an organization from one. We will also cover some tools that can be used to perform sniffing and recover information.

In general terms, sniffing means investigating something covertly in order to find confidential information. From an information security perspective, sniffing refers to tapping the traffic or routing the traffic to a target where it can be captured, analyzed and monitored. Sniffing is usually performed to analyze network usage, troubleshoot network issues, and monitor sessions for development and testing purposes. Now that we have understood what sniffing basically is, let's move on to how it can be used to perform attacks.

Remember how, in some movies, law agencies and criminals used to bug telephone lines in order to hear the calls a person receives and get some information. This is a perfect example of a sniffing attack. The technology can be used to test telephone lines and determine the quality of a call, but criminals used it for their own illegitimate purposes. In the world of the internet, sniffing can be performed using an application or hardware devices, at both the network and host level. Any network packet carrying information in plain text can be intercepted and read by attackers. This information can be usernames, passwords, secret codes, banking details or any information which is of value to the attacker. This attack is just the technical equivalent of a physical spy.

Stealing bank related/transaction related information

There are two types of sniffing: active and passive. As the name suggests, active sniffing involves some activity or interaction by the attacker in order to gain information. In passive sniffing the attacker just stays hidden and dormant and collects the information.

A hub is a device that receives traffic on one port and then retransmits that traffic on all other ports. It does not take into account that the traffic is not meant for the other destinations. In this case, if a sniffer device is placed at the hub, then all the network traffic can be directly captured by the sniffer. The sniffer can sit there undetected for a long time and spy on the network. Since hubs are not used much these days, this kind of attack is an old-school trick.

Hubs are being replaced by switches, and that is where active sniffing comes into the picture. In a nutshell, a switch learns a CAM table that holds the MAC addresses of the destinations. Based on this table, the switch is able to decide which network packet is to be sent where. In active sniffing, the sniffer floods the switch with bogus requests so that the CAM table gets full. Once the CAM table is full, the switch will act like a hub and send the network traffic to all ports. Now, this is legitimate traffic that gets distributed to all the ports. This way the attacker can sniff the traffic from the switch.

Let's discuss some of the attack implementations in the network.

MAC flooding: Flooding the switch with MAC addresses so that the CAM table is overflowed and sniffing can be done.

DNS cache poisoning: Altering the DNS cache records so that the request is redirected to a malicious website where the attacker can capture the traffic. The malicious website may be a genuine-looking website which has been set up by the attacker so that the victims trust it. The user may enter the login details and they are sniffed right away.

The attacker uses malicious software to change the DNS of the victim.
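The MAC flooding described above leaves a visible trace: one switch port suddenly learns far more source MAC addresses than a real host would use. The following is an added example, not code from the original article, that flags such ports from a list of learned-address observations; the sample events, the threshold of 50 new MACs and the 5 second window are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, switch_port, source_mac) in the order a switch
# would learn them. Port 3 shows many new source MACs in a short burst.
SAMPLE = [(0.0, 1, "aa:aa:aa:00:00:01"), (0.5, 2, "aa:aa:aa:00:00:02"),
          (1.0, 1, "aa:aa:aa:00:00:01")]
SAMPLE += [(2.0 + i * 0.01, 3, f"02:00:00:00:{i >> 8:02x}:{i & 255:02x}")
           for i in range(300)]
SAMPLE += [(6.0, 2, "aa:aa:aa:00:00:02")]


def flooding_ports(events, max_new_macs=50, window=5.0):
    """Return {port: peak count} for ports that learned more than
    max_new_macs previously unseen source MACs within `window` seconds.
    Both limits are assumed values to be tuned per network."""
    seen = defaultdict(set)       # port -> MACs already learned on that port
    recent = defaultdict(deque)   # port -> timestamps of recent first sightings
    flagged = {}
    for ts, port, mac in sorted(events):
        if mac in seen[port]:
            continue              # known host talking again: no new CAM entry
        seen[port].add(mac)
        q = recent[port]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget first sightings older than the window
        if len(q) > max_new_macs:
            flagged[port] = max(flagged.get(port, 0), len(q))
    return flagged


if __name__ == "__main__":
    for port, peak in flooding_ports(SAMPLE).items():
        print(f"port {port}: {peak} new source MACs within 5 s, possible MAC flooding")
```

A port that adds hosts slowly, such as an uplink, stays below the limit because only first sightings inside the window are counted.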