Packet sniffing is the capture of packets that are transmitted over a network.
Wireshark is a free and open-source packet analyser. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
The SICSR network is susceptible to ARP spoofing, a technique whereby an attacker sends fake (“spoofed”) Address Resolution Protocol (ARP) messages onto a LAN.
Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.
As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.
The captured packets can be filtered according to protocol, IP, method and various other parameters.
Wireshark was the tool used to analyze the network and identify that ARP poisoning is possible on it.
The sniffer would not give any result if the poisoning failed.
Audit Plan
Auditor Name: Viren Rao
Date of Auditing: 24/8/2014
Scope: To evaluate whether ARP poisoning is possible
Plan Audit: Check for new needs for improvement. Start Date: 24/8/2014, Closure Date: 7/9/2014.
Selection area: Last audit results: ARP poisoning is still possible, hence enabling packet sniffing
Selection criteria for auditors: Selection of auditors: risk analyst, project manager and system admin
Training plan for auditors: The system admins will need to be trained to take appropriate actions
Audit goal: Is packet sniffing possible?
Audit status Reporting: Level of risk is HIGH
Audit archival location: SICSR network
FMEA is a disciplined procedure that allows failures to be anticipated and their occurrence prevented during implementation/development.
FMEA process in packet sniffing:
• Select the design for the FMEA team.
• Identify critical areas.
  Analyse network
• Identify associated failure modes and effects.
  Are the analysis tools giving any output?
  Just avoid that risk.
• Assign severity, occurrence and detection ratings to each cause.
  Severity: High
  Occurrence: 1/10
• Calculate the Risk Priority Number (RPN) for each cause.
  RPN: 8/10
• Determine recommended actions to reduce all RPNs.
• Take appropriate actions.
• Recalculate all RPNs with actual results.
Risk Mitigation Plan
Title: Packet sniffing
Analyst: Viren Rao
Date: 10/8/2014
Risk id: 1
Date: 10-08-2014
Identified risk: Packet sniffing
Source: SICSR
Category: Technical Risk
Severity: High
Probability index: least likely
Impact in $: No $ harm
Exposure to risk identified: less
Response: Accepted
Mitigation plan: Risk Avoidance
Contingency plan: Configure and purchase appropriate firewalls
Threshold trigger for contingency plan: (no value given)
Ownership: SICSR
Risk status: Yet to be mitigated
Progress: Packet sniffing is still possible
Security is something that most organizations try to work on.
However, it is observed that most organizations seldom look into Layer 2 of the OSI model, an untouched area that can open the network to a variety of attacks and compromises.
Currently this vulnerability has not been exploited. If it is exploited, this could be a major security breach, as all packets moving around a single subnet on the network can be intercepted.
To allocate resources and implement cost-effective controls, organizations, after identifying all possible controls and evaluating their feasibility and effectiveness, should conduct a cost-benefit analysis for each proposed control to determine which controls are required and appropriate for their circumstances.
Benefits could be:
• Tangible: Quantitative
• Intangible: Qualitative
Cost factor | New in Rs. | Enhancements in Rs.
Hardware | 90,000 | 30,000
Software | -- | --
Policies and procedures | 50,000 | 20,000
Efforts | 100000 | 50000
Training | 50000 | 10000
Maintenance | 50000 |
Man-in-the-middle (MITM) attacks carried out using ARP poisoning can be prevented in numerous ways.
However, not all methods are suitable in all scenarios.
To prevent ARP spoofing, you need to add a static ARP entry on the LAN.
This method becomes troublesome if your router changes frequently: with this prevention method you need to delete the old entry and add the new one whenever it changes.
Configure existing switches to use private VLANs, where one port can only speak with the gateway.
Even devices on the same subnet must go through the gateway to talk.
According to a white paper, Cisco Catalyst 6500 Series Switches have a mechanism to prevent such attacks. They provide a feature called Dynamic ARP Inspection (DAI), which helps prevent ARP poisoning and other ARP-based attacks by intercepting all ARP requests and responses and verifying their authenticity before updating the switch's local ARP cache or forwarding the packets to the intended destinations.
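Added example (not from the original slides and not Cisco's code): a small Python model of the kind of check Dynamic ARP Inspection performs, parsing each ARP frame and forwarding it only if the claimed sender IP/MAC pair is authentic. It assumes authenticity is decided against a trusted IP-to-MAC binding table; the table, addresses, sample frames and function names are constructed for illustration.

```python
import struct
from typing import Dict, NamedTuple, Optional, Tuple

ETHERTYPE_ARP = 0x0806


class Arp(NamedTuple):
    eth_src: str     # source MAC in the Ethernet header
    op: int          # 1 = request, 2 = reply
    sender_mac: str  # MAC claimed inside the ARP payload
    sender_ip: str   # IP claimed inside the ARP payload


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> Optional[Arp]:
    """Return ARP fields, None for non-ARP frames; raise ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    if len(frame) < 42:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        raise ValueError("not an IPv4-over-Ethernet ARP request/reply")
    sha, spa = struct.unpack("!6s4s", frame[22:32])
    return Arp(_mac(src), op, _mac(sha), _ip(spa))


def inspect(frame: bytes, bindings: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'forward' or 'drop'."""
    try:
        arp = parse_arp(frame)
    except ValueError as exc:
        return ("drop", str(exc))
    if arp is None:
        return ("forward", "not ARP, outside the scope of inspection")
    # Extra consistency check (an assumption of this model): the Ethernet
    # header and the ARP payload must name the same sender.
    if arp.eth_src != arp.sender_mac:
        return ("drop", "Ethernet source MAC differs from ARP sender MAC")
    expected = bindings.get(arp.sender_ip)
    if expected is None:
        return ("drop", f"no trusted binding for {arp.sender_ip}")
    if expected != arp.sender_mac:
        return ("drop", f"{arp.sender_ip} is bound to {expected}, "
                        f"frame claims {arp.sender_mac}")
    return ("forward", "sender IP/MAC matches trusted binding")


def sample_frame(eth_src: str, op: int, sender_mac: str,
                 sender_ip: str, target_ip: str) -> bytes:
    """Build a constructed 42-byte ARP frame used only as test input."""
    def mac_b(s: str) -> bytes:
        return bytes.fromhex(s.replace(":", ""))

    def ip_b(s: str) -> bytes:
        return bytes(int(p) for p in s.split("."))

    eth = b"\xff" * 6 + mac_b(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + arp + mac_b(sender_mac) + ip_b(sender_ip)
            + b"\x00" * 6 + ip_b(target_ip))


# Constructed addresses: documentation IP range, locally administered MACs.
GATEWAY, HOST_A, HOST_B = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
UNKNOWN = "02:00:00:00:00:77"
BINDINGS = {"192.0.2.1": GATEWAY, "192.0.2.10": HOST_A, "192.0.2.66": HOST_B}

SAMPLES = {
    "genuine gateway reply": sample_frame(GATEWAY, 2, GATEWAY, "192.0.2.1", "192.0.2.10"),
    "host B claims gateway IP": sample_frame(HOST_B, 2, HOST_B, "192.0.2.1", "192.0.2.10"),
    "header/payload mismatch": sample_frame(HOST_B, 2, GATEWAY, "192.0.2.1", "192.0.2.10"),
    "unbound host": sample_frame(UNKNOWN, 1, UNKNOWN, "192.0.2.77", "192.0.2.1"),
    "truncated ARP": sample_frame(GATEWAY, 2, GATEWAY, "192.0.2.1", "192.0.2.10")[:30],
}


def run_samples() -> Dict[str, str]:
    return {name: inspect(frame, BINDINGS)[0] for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:26s} -> {inspect(frame, BINDINGS)}")
```

Only the genuine gateway reply is forwarded; the frame that maps the gateway's IP to a different MAC, which is the association ARP spoofing relies on, is dropped before it can update any cache.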
The first method is strictly not suitable for the SICSR network, as it is a temporary solution for small networks.
Considering the fact that we have web servers running on our network, the second method will significantly hamper the performance of the network and is therefore not suitable for the network infrastructure.
The third method is the best solution for this vulnerability and should be implemented on a priority basis.
• Purpose: To assess the risk involved in packet sniffing. 
• Scope of this risk assessment: Components are SICSR network.
Briefly describe the approach used to conduct the risk assessment, such as:
• Risk Assessment Team Members
• Check whether ARP poisoning is possible
Server, Network, Interface.
• The mission is to avoid sniffing.
Packets on network can be intercepted.
List the observations:
• Identification of existing mitigating security controls: Implementing use of tools to detect poisoning.
• Likelihood and evaluation: low likelihood
• Impact analysis and evaluation: High impact
• Risk rating based on the risk-level matrix: Medium
Packet sniffing is a technical risk and the risk level is high. We can use features in new switches or configure existing switches to patch the risk.
 Packet sniffing & ARP Poisoning
