1MP0R7AN7 H4(K1NG 700L$
SNIFFERS
-Sniffers are basically spying tools that capture, in raw form, all data packets being sent across the entire network.
-They were originally developed for network troubleshooting and diagnostic purposes.
-When the attacker installs a sniffer on the target system, all the data being sent and received is recorded in a log file, which the attacker either retrieves later or has emailed to a predefined address.
-Today sniffers are used for corporate espionage, spying, IP theft and even password stealing.
WORKING
-On a shared Ethernet network, each system has a filter that restricts its access to only those packets addressed to its own MAC address.
-A sniffer puts the network interface card (NIC) of the target system into a special mode known as promiscuous mode, which removes this filter.
-This allows the sniffer to capture every data packet that reaches the compromised system's NIC.
SOME GOOD SNIFFING TOOLS
TCPDUMP (ONE OF THE BEST)
ETHEREAL
DSNIFF
SNORT (ONE OF THE BEST)
SNIFFIT
ETTERCAP
COUNTERMEASURES
-Change to a switched Ethernet network (only packets meant for that host reach its NIC).
-Use encryption standards like SSL, SSH and IPsec.
-It is a good idea to check whether the NIC of any system is running in promiscuous mode.
-It is important to note that sophisticated sniffers like arpredirect work even on switched Ethernet networks.
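A way to carry out the "check whether any NIC is in promiscuous mode" countermeasure on a Linux host, added here as an example (not part of the original post or of any tool it lists). It assumes the Linux sysfs layout and the IFF_PROMISC flag value from the kernel headers; the `ip link show` sample is constructed.

```python
"""Check NICs for promiscuous mode (Linux).

Two sources are checked: /sys/class/net/<iface>/flags, where bit 0x100
(IFF_PROMISC) marks promiscuous mode, and the flag list printed by
`ip link show`.  The sample `ip link` output is constructed for this example.
"""
import os
import re

IFF_PROMISC = 0x100  # from <linux/if.h>

def is_promiscuous(flags_hex: str) -> bool:
    """flags_hex is the content of /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return bool(int(flags_hex.strip(), 16) & IFF_PROMISC)

def sysfs_promiscuous_ifaces(sysfs_root="/sys/class/net"):
    """Interfaces on this host whose kernel flags have IFF_PROMISC set."""
    found = []
    if not os.path.isdir(sysfs_root):
        return found  # not Linux, or sysfs unavailable
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, iface, "flags")) as f:
                if is_promiscuous(f.read()):
                    found.append(iface)
        except OSError:
            continue
    return found

_LINK_RE = re.compile(r"^\d+:\s+(?P<iface>[^:]+):\s+<(?P<flags>[^>]*)>", re.M)

def promiscuous_from_ip_link(output: str):
    """Parse `ip link show` text and return the interfaces flagged PROMISC."""
    return [m.group("iface") for m in _LINK_RE.finditer(output)
            if "PROMISC" in m.group("flags").split(",")]

# Constructed sample output of `ip link show`; eth1 has been put in promiscuous mode.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
"""

if __name__ == "__main__":
    print("sample:", promiscuous_from_ip_link(SAMPLE_IP_LINK))
    print("this host:", sysfs_promiscuous_ifaces())
```

Both checks only see the local host's own NIC flags, so they must be run on every system, not just once from the network side.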
HOT PICKS
ANTI SNIFFING TOOLS
CHECK PROMISCUOUS MODE (CPM)
ANTISNIFF
SENTINEL
KEYLOGGERS
-A keylogger is basically spying software that monitors all keystrokes made by the victim on his system.
-Commonly used for spying purposes, corporate espionage and IP theft.
WORKING
-The attacker will somehow install the keylogger on the victim's system.
-It then works secretly in the background and records all the keystrokes made by the victim in a log file.
-The keylogger can be configured to automatically email the log file to the attacker periodically.
-A few keyloggers also have a special built-in self-destruct option.
COUNTERMEASURES
-Periodic detection practices should be made mandatory.
-A typical keylogger automatically loads itself into memory each time the computer reboots.
-Hence one should search all the start-up files of the system and remove any references to suspicious programs.
-This will remove the keylogger from the system.
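An example of the "search the start-up files" countermeasure for a Windows machine, added here and not part of the original post: it reads a `reg export` of the Run key and flags entries that are new against a baseline, run from user-writable directories, or borrow a system binary's name. The heuristics, the baseline and the sample export are this example's own assumptions.

```python
"""Audit Windows Run-key start-up entries from a `reg export` .reg file."""
import re
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')

def parse_reg_export(text: str) -> dict:
    """Return {value name: command line}; .reg escapes for quote and backslash are undone."""
    entries = {}
    for line in text.splitlines():
        m = RUN_VALUE_RE.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("value").replace('\\"', '"').replace("\\\\", "\\")
    return entries

def program_path(command: str) -> str:
    """Extract the executable path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ")[0]

# Heuristics assumed for this example: legitimate auto-start programs seldom run
# from user-writable directories, and real system binaries live in System32.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temp\\", "\\downloads\\", "\\public\\")
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}

def suspicious_entries(entries: dict, baseline: set) -> list:
    """Return (name, path, reasons) for entries that are new versus the baseline,
    run from a user-writable directory, or borrow a system binary's name."""
    flagged = []
    for name, command in entries.items():
        path = program_path(command).lower()
        reasons = []
        if name not in baseline:
            reasons.append("not in baseline")
        if any(d in path for d in USER_WRITABLE):
            reasons.append("runs from user-writable directory")
        if path.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\system32\\" not in path:
            reasons.append("system binary name outside System32")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged
# Constructed .reg export: OneDrive is a known entry, "svchost" in Temp is not.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"
'''
BASELINE = {"OneDrive"}  # entry names approved on this machine
```

Removing a flagged value from the Run key is the "remove any references" step; the same check should be repeated for the HKLM Run key and the other auto-start locations.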
TROJANS
Using a trojan, the attacker can control most parts of the victim's computer, but for that the trojan's patch file has to be installed on the victim's system, most probably by the method of EXE binders.
TROJAN TOOLS
NETBUS
BACK ORIFICE
GIRLFRIEND
SUBSEVEN
COUNTERMEASURES
-Use web-based port scanning. If you find any irregular port open, then most probably a trojan is installed on your computer.
-One can remove a trojan using any normal antivirus software.
-Monitor start-up files and port activity.
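The "irregular port open" and "monitor port activity" countermeasures done from the host itself, added as an example (not code from the original post): it parses Linux `ss -ltnp` output and reports listeners missing from a baseline, or a baseline port served by an unexpected program. The baseline and the sample `ss` output are constructed for this example.

```python
"""Compare a host's listening TCP sockets with an approved baseline.

Assumes Linux `ss -ltnp` output; the sample below is constructed for this example.
"""
import re
import subprocess

SS_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+"
    r"(?:\s+users:\(\(\"(?P<proc>[^\"]+)\",pid=(?P<pid>\d+))?")

def parse_listeners(ss_output: str):
    """Return (port, bind address, process name, pid) for each LISTEN line."""
    result = []
    for line in ss_output.splitlines():
        m = SS_RE.match(line.strip())
        if m:
            result.append((int(m.group("port")), m.group("addr"),
                           m.group("proc") or "?", int(m.group("pid") or 0)))
    return result

def unexpected_listeners(listeners, baseline: dict) -> list:
    """baseline maps port -> expected process name.  Report an unknown port,
    or a known port served by a different program than the baseline says."""
    findings = []
    for port, addr, proc, pid in listeners:
        expected = baseline.get(port)
        if expected is None:
            findings.append(f"port {port} ({addr}) open by {proc} pid {pid}: not in baseline")
        elif expected != proc:
            findings.append(f"port {port} expected {expected} but served by {proc} pid {pid}")
    return findings

def live_listeners():
    """Run ss on this host; returns [] where ss is unavailable."""
    try:
        out = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return parse_listeners(out)

# Constructed `ss -ltnp` output: sshd and cupsd are expected, the high port is not.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=540,fd=7))
LISTEN  0       5       0.0.0.0:40123        0.0.0.0:*          users:(("updater",pid=4242,fd=4))
"""
BASELINE = {22: "sshd", 631: "cupsd"}
```

The baseline must be recorded on a machine known to be clean; a host-side check like this complements, rather than replaces, the external port scan the post recommends, since a trojan with root access can hide its own socket from local tools.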