The Mighty Sniffer
by Colm Murphy - Technical Director of Espion - Tuesday, 9 January 2007.
One of the best-known exploits is "router redirection". ARP queries contain the correct IP-to-MAC mapping for the sender. To reduce ARP traffic, and traffic on the network in general, computers cache the information they read from these query broadcasts. A malicious attacker could redirect nearby machines to forward traffic through it by sending out regular ARP packets containing the router's IP address mapped to its own MAC address. All the machines on the local wire will believe the hacker is the router, and therefore pass their traffic through him/her. Simple, but effective. A more aggressive, but equally effective, strategy would be to DoS a target victim and force it off the network, then begin using its IP address. If you picked your victim carefully the rewards could be high!!
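Because the redirection works by changing a cached IP-to-MAC binding, a monitoring host can flag it by remembering the first binding seen for each IP address and alerting when a later ARP packet claims the same IP with a different MAC. The sketch below is an added example, not code from the original article; the function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

def watch(frames, pinned=None):
    """Track sender IP-to-MAC bindings; return (frame_no, ip, known_mac, new_mac) alerts."""
    table = dict(pinned or {})        # optionally pre-seed known-good bindings
    alerts = []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        known = table.setdefault(ip, mac)
        if known != mac:
            # Keep the first binding so every conflicting packet keeps alerting.
            alerts.append((n, ip, known, mac))
    return alerts

def sample_frame(oper, smac, sip, tmac, tip, dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed ARP frame as bytes, used only as offline test input."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return m(dst) + m(smac) + b"\x08\x06" + hdr + m(smac) + i(sip) + m(tmac) + i(tip)

# Constructed sample data: a router, one host, and a third MAC claiming the router's IP.
ROUTER, HOST_A, OTHER = "00:11:22:33:44:55", "02:00:00:00:00:0a", "02:00:00:00:00:66"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    sample_frame(1, ROUTER, "192.0.2.1", ZERO, "192.0.2.10"),
    sample_frame(1, HOST_A, "192.0.2.10", ZERO, "192.0.2.1"),
    sample_frame(2, OTHER, "192.0.2.1", HOST_A, "192.0.2.10", dst=HOST_A),
    sample_frame(1, ROUTER, "192.0.2.1", ZERO, "192.0.2.10"),
]

if __name__ == "__main__":
    for n, ip, known, new in watch(SAMPLE):
        print(f"frame {n}: {ip} was {known}, now claimed by {new}")
```

A binding can also change for legitimate reasons, such as a replaced network card, so an alert on the router's address is a prompt to investigate rather than proof of redirection.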

Defending against the rogue sniffer is never easy. As previously mentioned, a switched network will keep the casual sniffer at bay, but the more determined will overcome that obstacle. The most robust method of protection is to enforce the use of encrypted protocols. Replace Telnet with SSH, introduce SSL where possible, and use only encrypted email such as PGP or S/MIME. Use two-factor or biometric authentication. Unfortunately, due to the nature of Ethernet, sniffing and sniffers will be here for some time to come.

There are a large number of sniffing tools available, many for free. The highly regarded and very free packet capture tool Ethereal is a great place to start, but there are many more. A recent and comprehensive list can be found here.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.