Packet Sniffing Attack & Vulnerable Ethernet Communications – I

A wire-tap device that plugs into computer networks and eavesdrops on the network traffic is known as the Packet Sniffer or protocol analyzer. Same as we tap any phone call this sniffing allows us to listen to communication between two or more computers.

Computer conversations consist of apparently random binary data. Therefore, network wiretap programs also come with a feature known as “protocol analysis”, which allow them to “decode” the computer traffic and make sense of it. We don’t directly need to break in to actual communication, we can install device on network and tap other network’s conversation which is the other advantage of packet Sniffer.

This shared technology is known as promiscus mode in sniffing, but bad news for black hats is this shared technology is getting transferred to Non-promiscus mode which is making it harder for intruder to install the sniffing programs.Internet is place where no place is available to see the all communication. Means we need to concentrate on single communication at a time. This architecture of internet prevents any single point of packet sniffing.

Packet Sniffing
Packet Sniffing

If we have two machines in our own office talking to each other, and both are on the Internet. They take a direct route of communication, and the traffic never goes across the outside public portion of the Internet. Any communication anywhere in the net follows a similar “least-cost-path” principle.  Ethernet was built around a “shared” principle: all machines on a local network share the same wire.

This scenario implies that all the machines are able to “see” all the traffic on the same wire. Therefore, the next Ethernet hardware is built with a “filter” that ignores all traffic that doesn’t belong to it. It does this by ignoring all frames whose MAC address doesn’t match their own. A wiretap program effectively turns off this filter, putting the Ethernet hardware into “promiscuous mode”. MAC works on non promiscus mode and so only that traffic can be heard who is on same Ethernet wire. Like victim and intruder should share same Ethernet wire to make any attack possible.

To be Continued in Next Post . . .

Firewall Responses Detection & Breaking The Firewalls

The behavior of packets and its responses explained last post has been noted by a number of firewall vendors. By understanding such enumerations,  the have modified their security system’s for high anonymity by spoofing the source address of the RST/ACK packet to be that of the target host. As such, the response received by an inquisitive attacker is supposed to be a RST/ACK from the target, rather than the gateway.

This is, of course, uncertain as it implies that the packet has reached the target before being rejected, when we may have already assume that there is. But actually there is a gateway that is filtering the traffic.

Breaking any firewall need a vast knowledge on how any firewall works. But rather than that we can also have knowledge on how firewall vendors roved stealth to their systems.
Firewalls Break in

Firewalls Break in Generally in modifies Firewall and Intrusion Detection Systems (IDS) environments, rather than denying unacceptable policies, they will simply drop the packet without any comment. As the scanner never receives a positive or negative response, there is no way of telling whether the packet did not reach the target because of network problems or whether the target no longer exists or if the packet was intentionally drop en route.

And this is where firewalls succeeds & hide from intruder the way network ports are responding and further attack chances are reduced. The resulting ambiguity and timeouts will slow down the scanning process, and prevent many tools from revealing information of any kind.

But this does not mean that this firewall is unbreakable, experiences one’s always have something strong in their hand named – Experience