Difference between revisions of "Network Eavesdropping"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:Attack}}
 
{{Template:Attack}}
 +
<br>
 +
[[Category:OWASP ASDR Project]]
 +
[[ASDR Table of Contents]]__TOC__
  
  
Line 26: Line 29:
 
Network Eavesdropping is a passive attack very difficult to be discovered, it could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.
 
Network Eavesdropping is a passive attack very difficult to be discovered, it could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.
  
== Severity ==
+
==Risk Factors==
 +
TBD
 +
[[Category:FIXME|need content here]]
  
High
 
 
== Likelihood of exploitation ==
 
 
Medium
 
 
   
 
   
 
==Examples ==
 
==Examples ==
Line 46: Line 46:
 
</center>
 
</center>
  
== External References==
 
  
*http://www.ethereal.com/
+
==Related [[Threat Agents]]==
  
==Related Threats==
+
* [[:Category:Logical Attacks]]
  
[[:Category:Logical Attacks]]
+
==Related [[Attacks]]==
 
+
==Related Attacks==
+
  
 
*[[Man-in-the-middle attack]]
 
*[[Man-in-the-middle attack]]
  
==Related Vulnerabilities==
+
==Related [[Vulnerabilities]]==
  
 
* [[Data Leaking Between Users]]
 
* [[Data Leaking Between Users]]
  
==Related Countermeasures==
+
==Related [[Controls]]==
  
[[:Category:Encryption]]
+
* [[:Category:Encryption]]
 +
 
 +
==References==
 +
 
 +
*http://www.ethereal.com/
  
  

Revision as of 17:46, 13 September 2008

This is an Attack. To view all attacks, please see the Attack Category page.



ASDR Table of Contents

Contents


Description

The Network Eavesdropping or network sniffing is a network layer attack consisting in capturing packets from the network transmitted by others computers and reading the data content in search of sensitive information like passwords, session token or yet any kind of confidential information.

The attack could be done using tools called network sniffers, these tools act collecting packets on the network and, depending on the quality of the tool, this could offer facilities to analyze the collected data like protocol decoders or stream reassembling.

Depending on the network context, to be the sniffing effective, some condition must be attended:

• Lan environment with HUBs

This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports. So the attack is very simples to be implemented because no other condition must be attended.

• Lan environment with switches

To be effective the eavesdropping a preliminary condition must be attended. Because a switch by default only transmit a frame to the port is necessary a mechanism that will duplicate or will redirect the network packets to evil system. For example to duplicate traffic to one port to another port is necessary to implement a special configuration on the switch. To redirect the traffic from one port to another it’s necessary a preliminary exploitation like the arp spoof attack. In this attack the evil system act like a router between the victim’s communication making, in this way, possible to sniff the exchanged packets.

• Wan environment

In this case to make a network sniff is necessary that the evil system became a router between the client server communications. One way to implement this exploit is done by a dns spoof attack to thr client system.


Network Eavesdropping is a passive attack very difficult to be discovered, it could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.

Risk Factors

TBD


Examples

When a network device called HUB is used on the Local Area Network topology, the Network Eavesdropping become easier, it´s because the device repeat all traffic received on one port to all other ports. Using a protocol analyzer, the attacker can capture all traffic on the LAN discovering sensitive information.

Eavesdropping.jpg

Figure 1. Local Eavesdropping attack.


Related Threat Agents

Related Attacks

Related Vulnerabilities

Related Controls

References