Sniffing requires that the hacker have a system on the ____________________________
_____________________________ do the same things that sniffers do.
Used to be that the __________________ the ____________________________________
Protocol analyzers can be
Many good sniffers are
Free tools are really all some incident handlers and security specialists use
Downside is that you have to
No matter what your needs, interest or budget, there is most likely at least one sniffer out there that does what you want
See next slide
Examples of Sniffers
Sniffer | Availability | Comments
Dsniff | Free | Suite of sniffing tools, including tools for sniffing switched networks
Ethereal | Free | Graphical sniffer with additional analysis functions; analyzes all 7 layers of the OSI model
Ettercap | Free | Specializes in switched networks and man-in-the-middle sniffing
Network Associates Sniffer | Commercial | Decodes many specialized protocols
Snort | Free | Also an IDS
TCPdump | Free | Sniffer that decodes and prints many common protocols; analyzes only layers 3 and 4 protocols
Windump | Free | Windows version of TCPdump
______________________________________________ enables the hacker to attempt an IP spoofing attack
IP Spoofing
Details of IP spoofing
Not sent back to Hacker’s machine
The sequence number must be guessed and this must be done _________ ___________________________________________________________________________________
IP Spoof attack results
If the attack progresses well, the hacker will have a legitimate connection to the target system
IP Spoofing Example
Using IP spoofing in the real world
First, we know the target and trusted systems have a trust relationship.
The IP address of the trusted system will be allowed into the target system
Second, the trusted system must be silenced (with a DoS attack).
Third, once we gain access to the target system (step 5), we can make changes. Can you think of changes we can make?
Malicious code includes three types of programs:
Computer viruses are __________________________ ______________________________________
Virus codes execute when the ___________________ _____________________________________
Malicious viruses may __________________________ _____________________________________________
Some viruses just spread themselves to other systems without performing any malicious acts.
How computer viruses spread…
When on an infected computer, the virus will _____________________________ ___________________________________________________________________
More common method: read the e-mail address book of infected computer and _________________________________
Trojan Horse Programs
A Trojan horse is a
It is a program that looks benign but actually has a malicious purpose.