Hacking For Beginners – Manthan Desai
2010
Who uses Sniffers?
LAN/WAN administrators use sniffers to analyze network traffic and help determine where a problem is on the network. A security administrator could use multiple sniffers, strategically placed throughout their network, as an intrusion detection system. Sniffers are great for system administrators, but they are also one of the most common tools a hacker uses. Crackers install sniffers to obtain usernames, passwords, credit card numbers, personal information, and other information that could be damaging to you and your company if it turned up in the wrong hands. When they obtain this information, crackers will use the passwords to attack other Internet sites and they can even turn a profit from selling credit card numbers.
Defeating Sniffers
One of the most obvious ways of protecting your network against sniffers is not to let it get broken into in the first place. If a cracker cannot gain access to your system, then there is no way for them to install a sniffer onto it. In a perfect world, we would be able to stop here. But since an unprecedented number of security holes are found each month and most companies don’t have enough staff to fix these holes, crackers are going to exploit vulnerabilities and install sniffers. Since crackers favor a central location where the majority of network traffic passes (e.g. firewalls, proxies), these are going to be their prime targets and should be watched closely. Some other possible “victims” where crackers like to install sniffers are next to servers where personal information can be seen (e.g. web servers, SMTP servers).
A good way to protect your network against sniffers is to segment it as much as possible using Ethernet switches instead of regular hubs. Switches have the ability to segment your network and prevent every system on the network from being able to “see” all packets. The drawback to this solution is that switches are two to three times more expensive than hubs, but the trade-off is definitely worth it. Another option, which you can combine with a switched environment, is to use encryption. The sniffer still sees the traffic, but it is displayed as garbled data. Some drawbacks of using encryption are the speed and the chance of you using a weak encryption standard that can be easily broken. Almost all encryption will introduce delay into your network. The stronger the encryption, the slower the machines using it will communicate. System administrators have to compromise somewhere in the middle. Even though most system administrators would like to use the encryption on the market, it is just not practical in a world where security is seen as a profit taker, not a profit maker. Hopefully the new encryption standard that should be out shortly, AES (Advanced Encryption Standard), will provide strong enough encryption and transparency to the user to make everybody happy. Some form of encryption is better than no encryption at all. If a cracker is running a sniffer on your network and notices that all of the data that he (or she) is collecting is garbled, then most likely they will move on to another site that does not use encryption. But a paid or determined hacker is going to be able to break a weak encryption standard, so it is better to play it smart and provide the strongest encryption as long as it will not have everybody giving you dirty looks when you walk down the halls at work.
AntiSniff
In 1999, our buddies at L0pht Heavy Industries released a product called Antisniff. This product attempts to scan your network and determine if a computer is running in promiscuous mode. This is a helpful tool because if a sniffer is detected on your network, then 9 times out of 10, the system has been compromised. This happened to the Computer Science Department at California State University – Stanislaus. Here is what they posted on their local website: “A sniffer program has been found running on the Computer Science network. Sniffer programs are used to capture passwords. In order to protect yourself please change your password. Do not use a word out of a dictionary, put a number on the end of
www.hackingtech.co.tv