Packet Sniffing Attack & Vulnerable Ethernet Communications – II

Continues From Last Post  . . .

So each machine has unique identification to send and receive data and avoid the confusion. This doesn’t happen with dial-up modems; because it is assumed that any data you send to the modem is destined for the other side of the phone line. But when you send data out onto an Ethernet wire, you have to be clear which machine you intend to send the data to.

In many cases we can analyze today that mostly to machines make communication to each other and few scenarios are like a conference But Ethernet is designed to share plenty of machines to covers together. This is accomplished by putting a unique 12-digit hex number in every piece of Ethernet hardware.sniffer

This is so important from the aspect of data and information security. Ethernet was designed to carry other traffic than just TCP/IP, and TCP/IP was designed to run over other wires (such as dial-up lines, which use no Ethernet).

NETBEUI is something that many home users use to share files or data. This does not use TCP/IP protocols to transfer the data. It makes harder for intruders to hack the data.  Raw transmission and reception on Ethernet is governed by the Ethernet equipment. You just can’t send data raw over the wire; you must first do something to it that Ethernet understands. In much the same way, you can’t stick a letter in a mailbox, you must first wrap it in an envelope with an address and stamp. This is what used in traditional TCP/IP Architecture.

So this is how sniffing attacks get vulnerable to Ethernet.  There are many techniques which gives internet and networks a flexibility through Ethernet is exploited by the use of packet sniffing.

This is not just a dark side, all packet sniffers can be detected even if they have stealth inside them. Also Non promiscus mode conversion can be a great way to stop all types of  packet sniffing attacks.

Packet Sniffing Attack & Vulnerable Ethernet Communications – I

A wire-tap device that plugs into computer networks and eavesdrops on the network traffic is known as the Packet Sniffer or protocol analyzer. Same as we tap any phone call this sniffing allows us to listen to communication between two or more computers.

Computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as “protocol analysis”, which allow them to “decode” the computer traffic and make sense of it. We don’t directly need to break in to actual communication, we can install device on network and tap other network’s conversation which is the other advantage of packet Sniffer.

This shared technology is known as promiscus mode in sniffing, but bad news for black hats is this shared technology is getting transferred to Non-promiscus mode which is making it harder for intruder to install the sniffing programs.Internet is place where no place is available to see the all communication. Means we need to concentrate on single communication at a time. This architecture of internet prevents any single point of packet sniffing.

Packet Sniffing
Packet Sniffing

If we have two machines in our own office talking to each other, and both are on the Internet. They take a direct route of communication, and the traffic never goes across the outside public portion of the Internet. Any communication anywhere in the net follows a similar “least-cost-path” principle.  Ethernet was built around a “shared” principle: all machines on a local network share the same wire.

This scenario implies that all the machines are able to “see” all the traffic on the same wire. Therefore, the next Ethernet hardware is built with a “filter” that ignores all traffic that doesn’t belong to it. It does this by ignoring all frames whose MAC address doesn’t match their own. A wiretap program effectively turns off this filter, putting the Ethernet hardware into “promiscuous mode”. MAC works on non promiscus mode and so only that traffic can be heard who is on same Ethernet wire. Like victim and intruder should share same Ethernet wire to make any attack possible.

To be Continued in Next Post . . .

New Intel Core i7 975 Is All Set To Launch In May Ending

intel core i7 logoAccording to Intel’s revised plan ,  Core i7’s new versions 975 and 950 are to be launched in the end of   May. The Intel Core i7-975 3.33Ghz and Core i7-950 3.06GHz will replace the existing 3.2GHz and 2.93GHz chips, priced at $999 and $562 respectively (If bought in bulk)

 

Intel’s core i7 is full of technologies including HT technology, Quick path Interface and Nehalem architecture.  Intel is expected to launch the Core 2 Quad Q8400 2.66GHz and its low-power Q8400S 2.66GHz equivalent on April 19th, priced at $183 and $245 respectively. 

The older version Core 2 Quad Q9300 ma cut prices upto 20%, & almost 13-percent cuts on the Core 2 Quad S range.

As Core i7 have ultimate features, but it is out of the reach from common man, Intel alsoworking on some major price cuts planned for July 19th, with the Core 2 Quad Q8300 may almost drop by 11-percent, the Core 2 Duo E7500 falling by 15-percent,

The previous versions of  Pentium dual-core E5400, E5300 and E1500 seeing 12,  13.5 and 19-percent price cuts respectively. 

With unknown clock speeds Intel is also introducing some of its new chips in Dual core and Core 2 duo this may.

All New Rapidshare Premium Accounts Database For Free

These links are available thanks to : john4john25

Hey folks, Welcome to another good rapidshare database from hackers enigma

Here we are sharing many of rapidhare premum accounts for free, which are live till various dates.

Many of rapidshare accounts are live till oct 2009.

So start downloading these files and have free access to rapidshares premium services.
http://rapidshare.com/files/214016577/rapidshare.premium.account.rar
http://rapidshare.com/files/214032643/30GB_Traffic_Rapidshare.rar
http://rapidshare.com/files/214032644/80GB_Rapidshare_Accounts.rar
http://rapidshare.com/files/214032645/Lots_of_Rapidshare.rar
http://rapidshare.com/files/214032646/New_Rapidshare.rar
http://rapidshare.com/files/214032647/Rapidshare_Premium_Accounts.rar

We are very thankful of John for this ultimate share.

Detection of Network Responses Through Various Symptoms

We may receive following four types of states which can allow us to read response of the network connection, that whether it was accepted or why and where it was rejected, dropped or lost.

No Response – If no packet is received, then there is a chance that original packet have not reached its predefined destination IP address. Other chance is any security devices planted in between my have securely dropped the packet.

RST/ACK – If a RST/ACK packet is received, the packet was either rejected by the IP stack installed on the host, or by an security device (e.g. a Checkpoint reject) installed on host.

SYN/ACK – If a SYN/ACK is received, then the port from which the response was received may be open for connection.

ICMP type 13 – If an ICMP type 13 packet is received, then administrator on host has prohibited this type of connection. (High Level of Security) often a router will use this response to implement it’s ACL security policy.

  
So when we hping some FTP or TCP on any host we should receive ICMP or RST/ACK response. But if we are getting flagged RA response over hping, then it must be noted that any kind of security device is installed on in-between the port and intruder.

Such responses are very cleverly analyzed by ethical hackers to perform further scan and secure their systems with a black box.

Firewall Responses Detection & Breaking The Firewalls

The behavior of packets and its responses explained last post has been noted by a number of firewall vendors. By understanding such enumerations,  the have modified their security system’s for high anonymity by spoofing the source address of the RST/ACK packet to be that of the target host. As such, the response received by an inquisitive attacker is supposed to be a RST/ACK from the target, rather than the gateway.

This is, of course, uncertain as it implies that the packet has reached the target before being rejected, when we may have already assume that there is. But actually there is a gateway that is filtering the traffic.

Breaking any firewall need a vast knowledge on how any firewall works. But rather than that we can also have knowledge on how firewall vendors roved stealth to their systems.
Firewalls Break in

Firewalls Break in Generally in modifies Firewall and Intrusion Detection Systems (IDS) environments, rather than denying unacceptable policies, they will simply drop the packet without any comment. As the scanner never receives a positive or negative response, there is no way of telling whether the packet did not reach the target because of network problems or whether the target no longer exists or if the packet was intentionally drop en route.

And this is where firewalls succeeds & hide from intruder the way network ports are responding and further attack chances are reduced. The resulting ambiguity and timeouts will slow down the scanning process, and prevent many tools from revealing information of any kind.

But this does not mean that this firewall is unbreakable, experiences one’s always have something strong in their hand named – Experience

Piconet : Know The insides of Bluetooth Architecture

Bluetooth is an open system that enables short range wireless communication of data and voice. It comprises of a hardware & a software components.

Bluetooth Architecture consist of the master and the slave arrangement, both are symmetric i.e in same device. In Bluetooth architecture the communication occurs between a master unit and a slave unit, while they share same channel for communication. Each device has a 48 bit unique address that is fixed. Two or more radio devices together form ad-hoc networks called Piconets. These Piconets consist of one master and seven slaves as shown in figure.

Activation of the Piconet is known by the 3 bit active device address . The piconet form the link of one bluetooth device to another bluetooth device .The master is only responsible for establishing the bluetooth link  in the same  device . The slaves are not allowed to communicate between themselves.

Piconet
Piconet

During the communication there are various protocol are also responsible are as follows-
Bluetooth core protocol – Baseband ,LMN ,L2CAP, SDP 
Cable Replacement Protocol – RFCOMM
Telephony Control Protocol – TCS Binary, AT Commands
Adopted Protocols–  PPP, TCP/IP, OBEX, WAP, vCard, vCal, IrMC, WAE

The description of each protocol at each layer:

The RF layer:
The RF layer is lowest defined layer of bluetooth architecture.The Bluetooth air interface is based on a nominal antenna power of  extensions for operating at up to 100 mW  worldwide.
The nominal link range is 10 centimeters – 10 meters, but can be extended to more than 100 meters by increasing the transmit power to 100 mW.

The Bluetooth  Baseband :
This layer defines the timing , frame , packets and the flow control on the link.

The Link Manager 
Responsible for managing connection states enforcing fairness among slaves & power management..

The logical Link Control And Adaptation Protocol
These layer Handles multiplexing, segmentation and reassembly of large packets and device discovery.

Audio
The audio maps the data directly to the Baseband layer.

So, this was the basic introduction of Bluetooth Technology which is today a widely used media for data communication. We are covering this topic so as to give more knowledge for all Ethical Hacking & Bluetooth security interested people.

Bluebugging: Type of Bluetooth Hacking

Bluebugging is also one form of Bluetooth hacking .It was first discovered German researcher Martin Herfurt . He got the motivation from the Bluesnarf attack.

Bluebugging is very much different from the bluesnarfing. In bluebugging allows an individuals to access the mobile phone commands using Bluetooth wireless technology without knowing the phone’s user .The hacker can access the phone memory and connect internet without knowing the user . Hacker can also initiate phone calls, send and read SMS, listen the phone conversion. But here the hacker must be at range of 10 meters while in bluesnarf it is upto 100 meters.

 Bluebugging
Bluebugging

Initially bluebugging was carried using the laptops. But as the technology as boomed it can be carried on powerful PDA’s and mobile devices. Futher development of bluebugging tools the hacker can also take the control of victim’s phone. The hacker not only make call’s ,send MSG’s essentially do anything to the cell phone.

In bluebugging ,the hacker search for the establishment of connection i.e it searches for switch on bluetooth cell phone . Once the connection is established by pairing of device . It can do anything with the device.

Bluebugging cannot harm all the cell phones ,due to less range. But this can be avoided by switching OFF the Bluetooth to non discoverable mode.
This article is to inform the people about consequences of bluebugging. And also include how to protect from it.

Firewalk Attack: Beyond The Boundaries of Security.

Firewalk which was developed by two masterminds known as developed by Mike Schiffman and Dave Goldsmith furthers the techniques used both by static port traceroutes and hping.

It can be successfully implemented to scan a host downstream from a security gateway to assess what rules relate to the target system, without any packets having to reach it.

Firewalk utilizes the TTL functions to carry out the whole attack. This was different to analyze by any firewall. And so it was called as beyond the boundaries of security.

Firewalk

Some of the fact that should be true for any kind of firewall responses are:

If the packet is passed by the Firewall, a TTL expired should be received.

If the packet is blocked by the Firewall, this could be caused be either of the following:
An ICMP administratively prohibited response is received or The packet is dropped without comment. Again, uncertainty is introduced through packets lost in transit. Some security gateways will detect the packet is due to expire and send the expired message whether the policy would have allowed the packet or not.

Firewalls and intruders are always the big rivals as firewalls updates with technologies implemented by intruders. Which sometimes makes it harder for firewall vendors and sometimes for hackers.