Sniffers and Crackers - PowerPoint PPT Presentation

Slides: 36
Provided by: brian107
Transcript and Presenter's Notes

1
Sniffers and Crackers
  • Brian Rock
  • An Overview of Hacking Techniques

2
AGENDA
  • Packet Sniffers
  • Password Crackers
  • IP Spoofing (Time permitting)

3
Packet Sniffing
  • Sometimes referred to as Network Monitoring Tools
  • This tool can be used legitimately by network and
    system administrators to verify network traffic
    and diagnose problems
  • Packet sniffers can listen to and gather all network
    traffic at a particular point, or just certain
    protocols or IP ranges.

4
Packet Sniffing Uses
  • Packet sniffers are the base utility in an
    Intrusion Detection System (IDS)
  • Can be used to determine what systems and
    protocols are unprotected/unencrypted in a
    network and take action (good/bad)
  • Can be used to obtain critical information for
    use by a malicious hacker (passwords, cc numbers):
    anything unencrypted that is transmitted over the
    network

5
Packet Sniffer Detection
  • 2 Detection Methods
  • 1.) Blabbing NIC: To use a sniffer, the NIC
    must be in promiscuous mode. Most NICs report
    this change to the network.
  • 2.) Ping Detection: Since the kernel of the
    sniffing machine is seeing all packets, not just
    the ones destined for it, a ping can be sent to a
    suspect machine. Given the correct IP address
    but the wrong MAC address, this should normally be
    filtered in the NIC. While in promiscuous mode,
    the packet will get through, and the sniffing
    machine will acknowledge the ping.

6
Packet Sniffer: How It Works
  • A computer connected to a network has two addresses:
    a MAC address and an IP address
  • MAC Address: Uniquely identifies each node in a
    network so that frames can be sent from machine
    to machine.
  • IP Address: Used to route traffic from one
    network to another.
  • Packet sniffers operate differently on Shared
    Ethernet and Switched Ethernet

7
Packet Sniffer: Shared Ethernet
  • All packets are transmitted to all computers on a
    network within a shared Ethernet.
  • Computers quietly discard data packets that do
    not match their MAC and IP address.
  • A machine running a sniffer breaks this rule and
    accepts all data packets.
  • Sniffing in a shared Ethernet is totally passive
    and very hard to detect.

8
Packet Sniffer: Switched Ethernet
  • In a switched Ethernet, a switch maintains a table
    of each computer's MAC address and the physical
    port on the switch to which that MAC address is
    connected, and delivers packets destined for that
    machine to that port.
  • This makes the switched network more secure, but
    there are still two methods for packet sniffing
    in a switched Ethernet.
  • 1.) ARP Spoofing
  • 2.) MAC Flooding

9
Packet Sniffer: Switched Ethernet
  • ARP Spoofing: Address Resolution Protocol (ARP) is
    used on the network layer to map IP addresses to
    MAC addresses.
  • ARP is stateless; therefore, a computer can at
    any time respond that its MAC address
    belongs to an IP address.
  • In ARP spoofing, you poison the ARP cache of a
    transmitting machine, thereby forcing all traffic
    to route through your machine with the installed
    packet sniffer.

10
Packet Sniffer: Switched Ethernet
  • MAC Flooding: This is when the attacking
    computer bombards the switch with fake MAC
    addresses. The switch will become overloaded and
    fail into fail-open mode.
  • Once the switch is operating in fail-open mode, it
    operates exactly like a hub, transmitting all
    packets to all addresses in the network.

11
Packet Sniffing Prevention
  • Packet sniffing is used to intercept unencrypted
    network traffic.
  • The best method to mitigate packet sniffing is to use
    SSH to encrypt your network traffic.
  • To prevent ARP spoofing, you can add the MAC
    address of the gateway machine in your network to
    your computer's ARP cache permanently.
  • Use HTTPS instead of HTTP
  • Use Trillian (in encrypted mode) for IM
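
A monitoring counterpart to the static gateway entry above, as an added example that is not part of the original slides: it parses ARP bodies and flags any sender whose MAC contradicts a pinned or previously seen IP-to-MAC binding. The addresses, MACs and function names are constructed for illustration, and nothing is sent on a network.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body, 28 bytes

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP body for the sample data (nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(body):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(body) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), str(ipaddress.IPv4Address(spa))

def check_bindings(bodies, pinned):
    """Flag ARP senders whose MAC contradicts a pinned or previously seen binding."""
    seen = dict(pinned)          # pinned entries are never overwritten
    alerts = []
    for index, body in enumerate(bodies):
        parsed = parse_arp(body)
        if parsed is None:
            continue             # truncated or non-IPv4 ARP: ignore
        _, mac, ip = parsed
        known = seen.setdefault(ip, mac)   # first sighting is learned
        if known != mac:
            kind = "pinned-mismatch" if ip in pinned else "binding-changed"
            alerts.append((index, kind, ip, known, mac))
    return alerts

# Constructed sample: documentation addresses and locally administered MACs.
GATEWAY = {"192.0.2.1": "02:00:00:00:00:01"}
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(1, "02:00:00:00:00:10", "192.0.2.10", ZERO, "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.10", "02:00:00:00:00:01", "192.0.2.1"),
    b"\x00\x01\x08\x00",  # truncated body
]

if __name__ == "__main__":
    for alert in check_bindings(SAMPLE, GATEWAY):
        print(alert)
```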

12
Packet Sniffing Tools
  • Ethereal (http://www.ethereal.com)
      • My personal favorite
  • Hunt
  • tcpdump
      • The original packet sniffer
      • Ships by default with many versions of Linux
  • Many More . . .

13
Ethereal
  • Data can be captured "off the wire" from a live
    network connection, or read from a capture file.
  • Captured network data can be browsed via a GUI,
    or via the TTY-mode "tethereal" program.
  • 750 protocols can currently be dissected
  • Data display can be refined using a display
    filter

14
(No Transcript)
15
(No Transcript)
16
Ethereal Screen Shots
  • Main Screen shows the various protocol traffic
    streams
  • Second screen shot demonstrates the ability to
    dissect a single TCP connection stream.

17
Password Crackers
  • Tools that implement any number of methods to
    determine the correct password of a user's
    account.
  • Can be used legitimately to test the strength of a
    password or to assist a user in accessing THEIR
    account.
  • Password cracking generally refers to the
    recovery of one or more plaintext passwords from
    a hashed password.

18
Password Crackers
  • Passwords are generally stored in a database
    contained within the computer network in order
    for the computer to perform password
    verification.
  • In order to provide further security, usually the
    computer will perform a one-way cryptographic
    function on the plaintext password and store the
    encrypted data.
  • This is termed the hashed password
  • If a hacker obtains the hashed password,
    reverting that hashed password to the plaintext
    password is not extremely difficult.

19
Password Cracking
  • Generally requires the hacker to obtain a copy of
    the hashed password.
  • This can be done through a Trojan horse virus or
    intercepting the hashed password when it is sent
    across the network.
  • Using a Packet Sniffer

20
Password Cracking
  • There are a number of other ways to obtain a
    password illicitly
  • Social Engineering
  • Wiretapping
  • Keystroke Logging
  • Login Spoofing
  • Phishing
  • Shoulder Surfing
  • Acoustic Cryptanalysis

21
Password Cracking Methods
  • Principal Attack Methods
  • Weak Encryption
  • Guessing
  • Dictionary Attack
  • Brute Force Attack
  • Precomputation
  • Salting

22
Weak Encryption
  • Refers to the cryptographic function used by the
    system to hash the plaintext password
  • A cryptographic hash function is considered weak
    if the password can be broken in fewer attempts
    than a brute force attack
  • When a true one-way hash function is employed,
    password cracking through decryption is not
    feasible.
  • Some common one-way hash functions:
  • MD5, SHA-1

23
Guessing
  • As simple as it sounds, the hacker guesses your
    password
  • Top Ten Chosen Passwords
  • Using the default system-assigned password
  • OSU: last 4 SSN, first initial, last initial
  • There are password cracking tools that accept
    known personal information about a target and
    then attempt to guess the password through a
    known algorithm.

24
Dictionary Attack
  • Password cracking tools can contain dictionaries
    containing millions of words
  • Tool cycles through all words in dictionary
    trying them ALL
  • This attack exploits weak passwords
  • Can be averted by using special characters and
    numbers within your password.
  • Weak: password
  • Better: P13as_at_wrd

25
Brute Force Attack
  • Last resort technique
  • Attacker attempts to try an exhaustive list of
    combinations of letters, digits, and special
    characters.
  • Left unchecked, a brute force attack will always
    determine the password. A possible defense is to
    lock the account at X failed login attempts.

26
Precomputation
  • Refers to computing the hash values for a
    dictionary of passwords and then using that
    dictionary to look up a hashed password when
    intercepted.
  • This makes the process almost instantaneous

27
Salting
  • Negates the benefit of precomputation
  • The system sets a string called the salt when
    the user establishes their password.
  • The salt is appended to the user's password before
    the encryption
  • Since the salt is different for each user, the
    hacker cannot use one cracked password as the
    basis for cracking the other passwords on the
    system.
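
The effect of a per-user salt on the precomputation described on the previous slide, as an added example that is not part of the original slides. It assumes PBKDF2 from Python's hashlib for the salted scheme rather than the plain append-then-hash the slide describes; the word list, user names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def unsalted_hash(password):
    """Plain one-way hash with no salt, as on the precomputation slide."""
    return hashlib.sha1(password.encode()).hexdigest()

def precompute(words):
    """Hash a dictionary once so any matching hash can be looked up later."""
    return {unsalted_hash(w): w for w in words}

def store_password(password, salt=None):
    """Return (salt, derived_key) using a fresh random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(store_password(password, salt)[1], key)

def compare_schemes():
    """Two users pick the same password; compare what each scheme stores."""
    table = precompute(["password", "letmein", "dragon"])  # constructed dictionary
    alice_plain = unsalted_hash("letmein")
    bob_plain = unsalted_hash("letmein")
    alice_salted = store_password("letmein")
    bob_salted = store_password("letmein")
    return {
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_lookup": table.get(alice_plain),
        "salted_identical": alice_salted[1] == bob_salted[1],
        "salted_verifies": verify_password("letmein", alice_salted),
        "wrong_rejected": not verify_password("dragon", alice_salted),
    }

if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```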

28
Password Cracking Tools
  • Common Password Cracking Programs
  • Brutus
  • Cain
  • John the Ripper
  • LC5
  • RainbowCrack

29
Password Cracking Prevention
  • Use a stronger password
  • Avoid dictionary words
  • Change passwords often
  • Environmental Awareness (be aware of your
    surroundings)

30
IP Spoofing
  • The deliberate act of changing the IP address on
    outgoing headers from a particular computer.
  • Commonly used to gain unauthorized access to a
    computer network or system.
  • Requires that the attacker obtain an IP address of
    a trusted host and then modify the packet headers
    so that it appears that the packets are coming
    from that host.

31
IP Spoofing
  • IP Spoofing occurs at layer 3 and layer 4 of the
    OSI Model
  • Layer 3: Hacker modifies the source or
    destination field of the IP header (see next
    slide)
  • Layer 4: Hacker modifies the transaction
    states as well as the source and destination
    address

32
(No Transcript)
33
(No Transcript)
34
IP Spoofing Attacks
  • Non-Blind Spoofing
  • Blind Spoofing
  • Man in the Middle attack
  • Denial of Service Attack

35
IP Spoofing Defense
  • Filtering at the Router
  • Implementing Access Control Lists
  • Not allowing private IP addresses to access from
    outside the trusted network
  • Encryption and Authentication
  • New authentication measures in IPv6
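
The router filtering rule above, as an added example that is not part of the original slides: it reads the source address from an IPv4 header seen on the external interface and drops it when it claims a private range or the trusted network's own prefix. The trusted prefix, sample addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Source ranges that should never arrive from outside:
# RFC 1918 private space, loopback and link-local.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def build_header(src, dst):
    """Constructed 20-byte IPv4 header for the samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ingress_verdict(header, internal_nets):
    """Decide what an external-interface ACL should do with this packet."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "drop", "malformed IPv4 header"
    src = ipaddress.IPv4Address(header[12:16])   # source address field
    for net in internal_nets:
        if src in net:
            return "drop", f"{src} claims internal prefix {net}"
    for net in NEVER_FROM_OUTSIDE:
        if src in net:
            return "drop", f"{src} is in reserved range {net}"
    return "accept", f"{src} is a plausible external source"

# Assumed trusted prefix and constructed packets (documentation ranges).
INTERNAL = [ipaddress.ip_network("203.0.113.0/24")]
SAMPLES = [
    build_header("198.51.100.7", "203.0.113.20"),   # ordinary external host
    build_header("192.168.1.5", "203.0.113.20"),    # private source from outside
    build_header("203.0.113.9", "203.0.113.20"),    # pretends to be internal
    b"\x45\x00\x00",                                 # truncated header
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ingress_verdict(sample, INTERNAL))
```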