Difference between revisions of "Network Eavesdropping"

From OWASP
(Undo revision 62859 by BolicOdelr (Talk))
 

Revision as of 10:34, 29 May 2009


This is an Attack. To view all attacks, please see the Attack Category page.




Last revision (mm/dd/yy): 05/29/2009


Description

Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.

The attack can be carried out using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data with features such as protocol decoding or stream reassembly.

Depending on the network context, some conditions must be met for the sniffing to be effective:

• LAN environment with HUBs

This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.

• LAN environment with switches

To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the destination's port, a mechanism that duplicates or redirects the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation such as an ARP spoofing attack. In this attack, the evil system acts like a router in the path of the victim's communication, making it possible to sniff the exchanged packets.

• WAN environment

In this case, to sniff the network the evil system must become a router between the client and the server. One way to implement this exploit is with a DNS spoofing attack against the client system.

Network Eavesdropping is a passive attack which is very difficult to discover. It can be identified by the effect of the preliminary condition or, in some cases, by inducing the evil system to respond to a fake request directed to the evil system's IP address but with the MAC address of a different system.
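One way to watch for "the effect of the preliminary condition" on a switched LAN is to track which MAC address announces each IP address in ARP traffic and flag any change. The following is an added example, not part of the original OWASP page; the function names, the addresses (documentation range 192.0.2.0/24, locally administered MACs) and the sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, fmt_mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def find_binding_changes(frames):
    """Report every IP whose announced MAC differs from the first one observed."""
    first_seen, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated: ignore rather than guess
        _, sender_mac, sender_ip = parsed
        known = first_seen.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append((sender_ip, known, sender_mac))
    return alerts

def make_reply(src_mac, sender_ip, dst_mac, target_ip):
    """Build a constructed ARP reply frame (sample input for the monitor only)."""
    s = bytes.fromhex(src_mac.replace(":", ""))
    d = bytes.fromhex(dst_mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += s + bytes(map(int, sender_ip.split("."))) + d + bytes(map(int, target_ip.split(".")))
    return d + s + struct.pack("!H", ETHERTYPE_ARP) + arp

# Constructed sample capture: gateway and host announce themselves, then a
# third MAC announces the gateway's IP, followed by one truncated frame.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    make_reply(GW, "192.0.2.1", HOST, "192.0.2.10"),
    make_reply(HOST, "192.0.2.10", GW, "192.0.2.1"),
    make_reply(OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # gateway IP, new MAC
    b"\x00" * 20,  # truncated frame, must be skipped
]

if __name__ == "__main__":
    for ip, old, new in find_binding_changes(SAMPLE_FRAMES):
        print(f"ARP binding for {ip} changed: {old} -> {new}")
```

Legitimate events such as DHCP reassignment or gateway failover also change bindings, so alerts from a check like this need to be compared against known address assignments before being treated as spoofing.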

Risk Factors

TBD

Examples

When a network device called a hub is used in the Local Area Network topology, Network Eavesdropping becomes easier because the device repeats all traffic received on one port to all other ports. Using a protocol analyzer, the attacker can capture all traffic on the LAN and discover sensitive information.

Figure 1. Local Eavesdropping attack.

Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls

References