Difference between revisions of "Network Eavesdropping"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
[http://s1.shard.jp/galeach/new189.html eurasianet
 +
] [http://s1.shard.jp/losaul/exchange-rate-australian.html mothers day australia 2005
 +
] [http://s1.shard.jp/olharder/automatic-bread.html about automotive technology
 +
] [http://s1.shard.jp/bireba/unistalling-norton.html vetantivirus.com
 +
] [http://s1.shard.jp/losaul/australian-momentum.html massage equipment australia
 +
] [http://s1.shard.jp/frhorton/rykfyeh82.html african catfish breeding
 +
] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/bireba/symantec-antivirus.html antivirus software downloadable
 +
] [http://s1.shard.jp/frhorton/8tsv4gg4i.html south africa democracy 1994
 +
] [http://s1.shard.jp/olharder/route-66-auto.html national auto parts a
 +
] [http://s1.shard.jp/losaul/australian-artists.html australian artists queensland] [http://s1.shard.jp/frhorton/y8fj1syi7.html star news paper in south africa
 +
] [http://s1.shard.jp/bireba/norton-antivirus.html norton antivirus live update error] [http://s1.shard.jp/bireba/symantec-antivirus.html vet antivirus free download
 +
] [http://s1.shard.jp/losaul/mudgee-australia.html talbot victoria australia
 +
] [http://s1.shard.jp/bireba/avg-antivirus.html antivirus spyware protection
 +
] [http://s1.shard.jp/bireba/norton-antivirus.html norton antivirus freeware download] [http://s1.shard.jp/frhorton/kcixkr2qy.html african peer review
 +
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/frhorton/2i2g9o8vi.html cycling races south africa] [http://s1.shard.jp/bireba/grisoft-antivirus.html giant antivirus software
 +
] [http://s1.shard.jp/galeach/new184.html anastasia - bartok
 +
] [http://s1.shard.jp/bireba/panda-titanium-antivirus.html mac affee antivirus
 +
] [http://s1.shard.jp/bireba/panda-antivirus.html antivirus stop
 +
] [http://s1.shard.jp/frhorton/yzxhrnmp9.html african american chamber commerce philadelphia
 +
] [http://s1.shard.jp/frhorton/pp3b7gffd.html south africa cape town university
 +
] [http://s1.shard.jp/galeach/new44.html chock full of asian
 +
] [http://s1.shard.jp/olharder/keystone-automotive.html keystone automotive catalog] [http://s1.shard.jp/frhorton/dfj31yuuh.html running race results south africa
 +
] [http://s1.shard.jp/losaul/nikon-d70-price.html australia orange juice
 +
] [http://s1.shard.jp/frhorton/lwp18cwan.html the african rainforest
 +
] [http://s1.shard.jp/bireba/clamav-antivirus.html nortons antivirus 2004 download
 +
] [http://s1.shard.jp/galeach/new135.html asian massage chicago illinois
 +
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/olharder/autoroll-654.html map] [http://s1.shard.jp/olharder/pyles-auto-sales.html auto plus relocation
 +
] [http://s1.shard.jp/galeach/new3.html asian market offshore brokerage account
 +
] [http://s1.shard.jp/bireba/norton-antivirus.html center.antivirusoverride security window
 +
] [http://s1.shard.jp/frhorton/6znbfza3k.html african american house publishing
 +
] [http://s1.shard.jp/losaul/dog-bike-trailer.html western australia weather forecasts
 +
] [http://s1.shard.jp/galeach/new115.html asian friends society edinburgh] [http://s1.shard.jp/galeach/new142.html sentrasia
 +
] [http://s1.shard.jp/frhorton/dkumgq8of.html african american baby clip art
 +
] [http://s1.shard.jp/losaul/steel-houses-australia.html australian boy models
 +
] [http://s1.shard.jp/frhorton/tqdtzy3e9.html www african masks
 +
] [http://s1.shard.jp/losaul/ electoral register search australia
 +
] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/galeach/new31.html a political map of south east asia
 +
] [http://s1.shard.jp/bireba/antivirus-software.html pandaantivirus software
 +
 
[http://s1.shard.jp/olharder/automatic-pig.html animales autotrofos
 
[http://s1.shard.jp/olharder/automatic-pig.html animales autotrofos
 
] [http://s1.shard.jp/frhorton/kbokzbuu7.html africa day gift mother south] [http://s1.shard.jp/bireba/pc-world-antivirus.html pc world antivirus software] [http://s1.shard.jp/bireba/airscanner-mobile.html 64bit antivirus software
 
] [http://s1.shard.jp/frhorton/kbokzbuu7.html africa day gift mother south] [http://s1.shard.jp/bireba/pc-world-antivirus.html pc world antivirus software] [http://s1.shard.jp/bireba/airscanner-mobile.html 64bit antivirus software
Line 56: Line 95:
 
Depending on the network context, for the sniffing to be the effective, some conditions must be met:
 
Depending on the network context, for the sniffing to be the effective, some conditions must be met:
  
'''• LAN environment with HUBs'''
+
'''• LAN environment with HUBs'''
  
 
This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.
 
This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.
  
'''• LAN environment with switches'''
+
'''• LAN environment with switches'''
  
 
To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port,  a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch  is necessary.
 
To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port,  a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch  is necessary.
To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victim’s communication, making it possible to sniff the exchanged packets.
+
To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victim’s communication, making it possible to sniff the exchanged packets.
  
'''• WAN environment'''
+
'''• WAN environment'''
  
 
In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with  a DNS spoof attack to the client system.
 
In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with  a DNS spoof attack to the client system.

Revision as of 03:21, 27 May 2009

[http://s1.shard.jp/galeach/new189.html eurasianet ] [http://s1.shard.jp/losaul/exchange-rate-australian.html mothers day australia 2005 ] [http://s1.shard.jp/olharder/automatic-bread.html about automotive technology ] [http://s1.shard.jp/bireba/unistalling-norton.html vetantivirus.com ] [http://s1.shard.jp/losaul/australian-momentum.html massage equipment australia ] [http://s1.shard.jp/frhorton/rykfyeh82.html african catfish breeding ] domain [http://s1.shard.jp/bireba/symantec-antivirus.html antivirus software downloadable ] [http://s1.shard.jp/frhorton/8tsv4gg4i.html south africa democracy 1994 ] [http://s1.shard.jp/olharder/route-66-auto.html national auto parts a ] australian artists queensland [http://s1.shard.jp/frhorton/y8fj1syi7.html star news paper in south africa ] norton antivirus live update error [http://s1.shard.jp/bireba/symantec-antivirus.html vet antivirus free download ] [http://s1.shard.jp/losaul/mudgee-australia.html talbot victoria australia ] [http://s1.shard.jp/bireba/avg-antivirus.html antivirus spyware protection ] norton antivirus freeware download [http://s1.shard.jp/frhorton/kcixkr2qy.html african peer review ] http cycling races south africa [http://s1.shard.jp/bireba/grisoft-antivirus.html giant antivirus software ] [http://s1.shard.jp/galeach/new184.html anastasia - bartok ] [http://s1.shard.jp/bireba/panda-titanium-antivirus.html mac affee antivirus ] [http://s1.shard.jp/bireba/panda-antivirus.html antivirus stop ] [http://s1.shard.jp/frhorton/yzxhrnmp9.html african american chamber commerce philadelphia ] [http://s1.shard.jp/frhorton/pp3b7gffd.html south africa cape town university ] [http://s1.shard.jp/galeach/new44.html chock full of asian ] keystone automotive catalog [http://s1.shard.jp/frhorton/dfj31yuuh.html running race results south africa ] [http://s1.shard.jp/losaul/nikon-d70-price.html australia orange juice ] [http://s1.shard.jp/frhorton/lwp18cwan.html the african rainforest ] [http://s1.shard.jp/bireba/clamav-antivirus.html nortons antivirus 2004 download ] [http://s1.shard.jp/galeach/new135.html asian massage chicago illinois ] http map [http://s1.shard.jp/olharder/pyles-auto-sales.html auto plus relocation ] [http://s1.shard.jp/galeach/new3.html asian market offshore brokerage account ] [http://s1.shard.jp/bireba/norton-antivirus.html center.antivirusoverride security window ] [http://s1.shard.jp/frhorton/6znbfza3k.html african american house publishing ] [http://s1.shard.jp/losaul/dog-bike-trailer.html western australia weather forecasts ] asian friends society edinburgh [http://s1.shard.jp/galeach/new142.html sentrasia ] [http://s1.shard.jp/frhorton/dkumgq8of.html african american baby clip art ] [http://s1.shard.jp/losaul/steel-houses-australia.html australian boy models ] [http://s1.shard.jp/frhorton/tqdtzy3e9.html www african masks ] [http://s1.shard.jp/losaul/ electoral register search australia ] top [http://s1.shard.jp/galeach/new31.html a political map of south east asia ] [http://s1.shard.jp/bireba/antivirus-software.html pandaantivirus software ] [http://s1.shard.jp/olharder/automatic-pig.html animales autotrofos ] africa day gift mother south pc world antivirus software [http://s1.shard.jp/bireba/airscanner-mobile.html 64bit antivirus software ] [http://s1.shard.jp/bireba/error-1920service.html mcafee antivirus programs ] antivirus tests reviews [http://s1.shard.jp/olharder/autopsy-picture.html addison automation force in sales ] [http://s1.shard.jp/frhorton/3k3nxdd3j.html african american romance author ] [http://s1.shard.jp/losaul/mudgee-australia.html talbot victoria australia ] [http://s1.shard.jp/bireba/ca-etrust-antivirus.html portable antivirus software ] http [http://s1.shard.jp/olharder/autodesk-inventor.html aliens autopsy ] diabetes australia queensland [http://s1.shard.jp/bireba/eztrust-antivirus.html download antivirus for free ] [http://s1.shard.jp/galeach/new81.html asian swamp eel ] [http://s1.shard.jp/bireba/avg-60-antivirus.html openantivirus ] [http://s1.shard.jp/losaul/australia-airfare.html neighbours soap australia ] [http://s1.shard.jp/bireba/avast-avg-antivirus.html panda antivirus free ] [http://s1.shard.jp/frhorton/5stqghbq6.html movie south africa apartheid ] [http://s1.shard.jp/frhorton/hzioyx6wv.html nedbank branches south africa ] [http://s1.shard.jp/bireba/pc-cillin-antivirus.html panda titanium antivirus 2005 download ] top [http://s1.shard.jp/frhorton/yvqavqw7n.html history of south african cinema ] [http://s1.shard.jp/bireba/norton-antivirus.html antivirus software downloadable ] [http://s1.shard.jp/losaul/idp-australia.html coal company australia ] [http://s1.shard.jp/frhorton/837ibyv6o.html abcs africa ] [http://s1.shard.jp/losaul/lawn-bowls-clubs.html australian mammal society ] [http://s1.shard.jp/bireba/avg-vs-avast.html how to completely remove norton antivirus 2004 ] [http://s1.shard.jp/losaul/australia-funniest.html stop overs to australia ] [http://s1.shard.jp/frhorton/sofu2962u.html brazil air travel to africa ] [http://s1.shard.jp/olharder/automotive-suspension.html automatic california equipment test ] downloads antivirus [http://s1.shard.jp/losaul/western-plains.html time western australia ] [http://s1.shard.jp/olharder/audi-automotive.html auto dismantler ] http [http://s1.shard.jp/frhorton/qtlusvqfk.html affordable africa vacation ] links [http://s1.shard.jp/bireba/panda-online-antivirus.html antivirus software free ] [http://s1.shard.jp/olharder/cheap-auto-insurance.html canadian auto racing ] [http://s1.shard.jp/frhorton/tulkpyc4u.html outline map of the middle east and north africa ] [http://s1.shard.jp/olharder/automotive-latch.html automotive leasing companies ] [http://s1.shard.jp/olharder/autoridad-nacional.html indiana auto dealers association ] [http://s1.shard.jp/frhorton/9rxlvcl6n.html african men pics ] [http://s1.shard.jp/losaul/australian-landscape.html western australia tourist destinations ] [http://s1.shard.jp/losaul/microbiology.html how to obtain a visa for australia ] [http://s1.shard.jp/bireba/review-zone-alarm.html antivirus grisoft ] [http://s1.shard.jp/galeach/new37.html asian pacific islander legal outreach san francisco ] [http://s1.shard.jp/losaul/australian-oil.html australian travel warnings ] [http://s1.shard.jp/frhorton/4jl7mv47m.html south african pharmaceutical regulatory affairs association ] http://www.texttrdron.com

This is an Attack. To view all attacks, please see the Attack Category page.




Last revision (mm/dd/yy): 05/27/2009


Description

Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.

The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data like protocol decoders or stream reassembling.

Depending on the network context, for the sniffing to be the effective, some conditions must be met:

• LAN environment with HUBs

This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.

• LAN environment with switches

To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port, a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victim’s communication, making it possible to sniff the exchanged packets.

• WAN environment

In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with a DNS spoof attack to the client system.

Network Eavesdropping is a passive attack which is very difficult to discover. It could be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond a fake request directed to the evil system IP but with the MAC address of a different system.

Risk Factors

TBD

Examples

When a network device called a HUB is used on the Local Area Network topology, the Network Eavesdropping become easier because the device repeats all traffic received on one port to all other ports. Using a protocol analyzer, the attacker can capture all traffic on the LAN discovering sensitive information.

Eavesdropping.jpg

Figure 1. Local Eavesdropping attack.

Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls

References