Man in the middle. By: Hung Tran
INTRODUCTION

In today's society people rely heavily on the Internet for studying, doing research and doing business. The Internet has become an integral part of modern life, and much effort has been put into making it secure, for example through cryptographic techniques and secure protocols like SSL. Unfortunately, not all computers are equipped with the necessary protection. In a network environment, when a packet travels from the source host to the destination host, it can be recorded, extracted, or altered by a third-party host, which we call the man in the middle or MITM. In a man in the middle attack, the attacker tries to place his host between two victim hosts so that he can intercept the data transmitted between the victims, who are not aware of the man in the middle.

[Figure: Man In The Middle Illustration]
Figure 1 illustrates the MITM context: the man in the middle impersonates both Alice and Bob by relaying the messages between them. Alice believes that she is talking directly to Bob, and so does Bob; however, the attacker can now control the whole communication.

In this project, I will present the techniques used to implement MITM attacks in the LAN environment, the most common type of MITM attack. In these attacks, the attacker will have the ability to:

- capture sensitive data such as the usernames and passwords of hosts in the LAN during the authentication phase
- tamper with the data transmitted between victim hosts

Then I will present some solutions provided by security experts to prevent MITM attacks and to reduce the risks that they can cause.

SYSTEM DESCRIPTION

The key factor in the success of MITM attacks is that the attacker must be able to place his host in a position where he can intercept the communication between his victims. Unfortunately, a weakness of the Address Resolution Protocol (ARP), which translates IP addresses into MAC addresses in the Local Area Network (LAN) environment, allows the attacker to spoof the MAC addresses of other hosts. Hence, he can capture all the traffic sent to those spoofed hosts. In this section I will present a technique called ARP Spoofing or ARP Redirect that is commonly used to redirect the traffic between two hosts through a third host owned by the attacker. Then I will describe the network configuration of the lab that will be used to implement the MITM attacks.

ARP Spoofing

Assume that Alice's and Bob's hosts are connected to a LAN and Alice wants to send a packet to Bob. Although Alice knows Bob's IP address, the Data Link Layer on Alice's host still needs to know Bob's MAC address to transmit the packet over the LAN. To get Bob's MAC address, Alice first checks whether she has stored Bob's MAC address in her ARP cache. If it exists, she can use it; otherwise, she sends an ARP request asking for the MAC address corresponding to Bob's IP address. All the hosts on the LAN will receive the ARP request from Alice, but only Bob has the IP address described in the ARP request, so Bob will return his MAC address to Alice. When Alice has Bob's MAC address, the data transmission begins.
[Figure: ARP Spoofing]

Now we assume that one more host, Charlie, is connected to the LAN with Alice and Bob. Charlie sends Alice an ARP reply message saying that the MAC corresponding to Bob's IP is Charlie's MAC, and at the same time Charlie sends Bob an ARP reply saying that the MAC corresponding to Alice's IP is Charlie's MAC. Both Alice and Bob update their ARP caches and use that information to transmit packets. As a result, the entire conversation between Alice and Bob flows through Charlie (as shown in Figure 2).

Lab Network Configuration

As mentioned above, in this project I will implement the MITM attacks in a LAN environment to demonstrate how the attacker can launch MITM attacks and what he can do with the data of his victim. I set up a simple network for the lab as shown in Figure 3.
[Figure: Lab Network Configuration]

- Linux server: used to provide some common Internet services. This machine also plays the role of the attacker's host in some scenes and of the victim host in another scene.
  - OS: Ubuntu Linux 7.10
  - Services: HTTP (Apache), FTP (ProFTPD), SMTP/POP3 (Postfix), MySQL
  - MITM tools: ettercap, dsniff, ethereal
- Windows XP desktop: plays the role of the attacker's host in some scenes and of the victim host in the other scenes.
  - OS: Windows XP Professional
  - MITM tools: ettercap, CAIN, Wireshark
- Windows Vista laptop: plays the role of the victim host.

All these machines are connected to a switched LAN and have access to the Internet via a router. The router also plays the role of a victim host, since one attack targets the communication between a host inside the LAN and the router.
MITM ATTACK AND DEFENSE

Capture Sensitive Data

Attack #1

Scenario: The Windows Vista laptop accesses the Linux server for services like HTTP, FTP, email, and database. The Windows XP desktop launches the MITM attack to reveal the usernames and passwords that the laptop uses, as shown in Figure 4.

[Figure: MITM attack inside LAN]

Method: To launch this attack, the Windows XP machine first has to poison the ARP caches of the Linux machine and the Windows Vista machine. There are many software tools available for ARP poisoning; however, I use ettercap in this attack since it is an all-in-one tool that can do both ARP poisoning and network sniffing. In addition, I can use ettercap on both Windows and Linux platforms. The attack is described in the following steps.

Step 1: Launch ettercap on Windows XP and choose Promisc mode as the working mode,

[Figure: Ettercap working mode]

then choose Unified sniffing as the sniff mode and select the network card that is connected to the lab's LAN.

[Figure: Ettercap sniffing mode]

Step 2: Add the Windows Vista machine and the Linux machine to the targets of ettercap. This can be done by selecting the menu Hosts > Scan for hosts, then the menu Hosts > Host list, and then assigning the two machines as Target 1 and Target 2. Verify the targets by choosing the menu Targets > Current Targets.
[Figure: Targets of the attack]

Step 3: Poison the ARP caches of the Windows Vista and Linux machines by selecting the menu Mitm > Arp poisoning and then choosing "Sniff remote connections".

[Figure: Poisoning the ARP caches of targets]
To verify that the ARP poisoning is successful, I check the ARP caches at both targets by using the command:

    arp -a

[Figure: ARP cache of Windows Vista machine]

[Figure: ARP cache of Linux machine]

We can easily see that both ARP caches are poisoned: on the Windows Vista machine, the entry (Linux machine) has the MAC address 00-1D (Windows XP machine), and on the Linux machine the entry (Windows Vista machine) has the MAC address 00:1D:09:82:22:95 (Windows XP machine).

Step 4: Sniff the traffic between the Windows Vista machine and the Linux machine and capture the sensitive information by choosing the menu Start > Start Sniffing.

[Figure: Sniffing traffic between two targets]
The connections can be seen by choosing the menu View > Connections. For each connection, we can see the data by selecting it and choosing View Details.

[Figure: Connections between two targets]

Result: After successfully capturing the data transmitted between the two targets, we can now examine it to reveal the sensitive information. In this attack, the Windows Vista machine accesses the following services on the Linux machine, all of which require authentication:

- Online music via web
- FTP
- Email via SMTP/POP3

By viewing the details of each connection between the two targets, I can easily see all the usernames and passwords. Furthermore, ettercap automatically records the usernames and passwords transmitted in clear text.
[Figure: FTP username and password]

[Figure: Email username and password]
[Figure: Usernames and passwords detected by ettercap]

Attack #2

Scenario: The Windows XP desktop accesses an Internet site that uses SSL, Gmail for example. The Linux server launches the MITM attack to capture the username and password of the desktop, as shown in the figure.
[Figure: MITM attack between a host inside LAN and the router]

Method: In this attack, I try to mislead the Gmail user into accepting a fake certificate that is issued by me, not by Google. If the user has some knowledge of computer security and examines the certificate before accepting it, the attack will not succeed.
[Figure: Fake certificate]

To launch this attack, I use the following tools:

- ettercap: to do ARP poisoning
- dsniff software suite: dnsspoof to answer the DNS requests from the Windows XP machine with the Linux machine as the DNS server, and webmitm to relay all the HTTP and HTTPS requests from the Linux machine to the real servers
- ssldump: to decrypt the encrypted data with the fake certificate
- Wireshark: to capture traffic between the Windows XP machine and the router

First, I poison the ARP caches of the Windows XP machine and the router using ettercap, as in the attack presented earlier. Then I do the DNS spoofing using dnsspoof. At this stage I launch the tool webmitm -d, which is used to relay the traffic from the Windows XP machine to Gmail. Then I use Wireshark to capture the traffic and save it as the file gmail.log. All the packets captured in gmail.log can be decrypted using ssldump:

    ssldump -r gmail.log -k webmitm.cert -d > out

Result: The username and password of the Gmail user can be obtained from the out file by using the command:

    cat out | grep Passwd
[Figure: Gmail username and password]

Using the same attack method I also get the account information from the SSL connections to my bank's server:

[Figure: Bank account information]

and also my HawkID and password in ICON (Iowa Courses Online):
[Figure: HawkID and password in ICON]

with the same result for ISIS (Iowa Student Information Services):

[Figure: HawkID and password in ISIS]

Tamper the Data

Scenario: The Windows XP desktop accesses an Internet site via the router. The Linux server launches the MITM attack between the desktop and the router to deface the website that the desktop is surfing, as shown in the figure.
Method: The preparation for this attack is similar to the attack described earlier, with two targets: the Windows XP machine and the router of the lab. In this case, ettercap will modify the data from the router before forwarding it to the Windows XP machine. To automate this task, I create a filter, which is a way to extend the abilities of ettercap, to automatically alter the incoming data. The filter is based on the original one from [4], as follows:

    # Change the Accept-Encoding of the client so the server will send data to
    # the client in plain text format.
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          # the replacement string has the same length as the original header name
          replace("Accept-Encoding", "Accept-Rubbish!");
          msg("zapped Accept-Encoding!\n");
       }
    }
    # Replace Google's logo with another image and change the text "Google" into "Hacker"
    if (ip.proto == TCP && tcp.src == 80) {
       # the replacement image URL did not survive in this copy; placeholder below
       replace("/intl/en_all/images/logo.gif", "<REPLACEMENT_IMAGE_URL>");
       replace("Google", "Hacker");
       msg("filter Ran.\n");
    }

I save the filter source code as img.filter and then compile it with the command:

    etterfilter img.filter -o img.ef

After doing ARP poisoning to Windows XP and Linux's ARP cache like in the section 3.1.1, I apply the filter by choosing the menu Filters > Load a filter and selecting img.ef.

Result: After applying the filter, the Windows XP machine gets the modified Google page:
[Figure: Modified Google page]

Prevent MITM Attacks

As we saw in the previous sections, the MITM attacks could be prevented if:

- the attacker does not have the ability to poison the ARP cache of the victim hosts
- even if the attacker can poison the ARP cache of the victim hosts and capture data, he cannot learn anything from it because the data is strongly encrypted

If we encrypt all the data passing over the network, MITM attacks can be avoided; however, this is difficult to implement because of the complexity and the processing overhead. There are some methods to help prevent ARP poisoning suggested by security experts [15]:

- For small networks: use a static ARP table. In addition, on the Windows machines I installed the software Symantec Endpoint Protection and enabled the option "Enable anti-MAC spoofing", which helps prevent poisoning of the ARP cache.
- For large networks: use switches with the Port Security feature, which allows only one MAC address for each port.
- For all networks: monitor ARP caches using ARP monitoring tools like ARPwatch [16] to detect changes in the ARP cache. From my experience, when we detect a change in the ARP cache of a machine, we may find the MAC address of the attacker on that machine, and we can use this information to identify the attacker.

RELATED WORK

Some groups have conducted MITM attacks against Secure Shell (SSH) version 1 [12], Radio-frequency identification (RFID) cards [13] and the Universal Mobile Telecommunication Standard (UMTS) [14], which use different methods of attack compared with the attacks in this project.

CONCLUSION

After successfully conducting the attacks above, I fully understood how the Man-In-The-Middle attack works in a switched LAN environment. With the ability to capture and modify data, the risk that an attacker can cause with a MITM attack is huge. As discussed earlier, the key factor of MITM is ARP poisoning, which is based on the weakness of the ARP protocol. Unfortunately, the attack on it is very easy and there are numerous freely available tools to help launch it. There are some solutions to prevent this kind of attack, for example using a personal firewall on Windows computers, using static ARP caches in small networks, or using ARPwatch for large networks, as well as using encrypted connections.

In addition, by doing this project, I had an opportunity to set up an Internet server on Linux with all the basic services.

REFERENCES

[1] Wikipedia. Man In The Middle Attack. Man_in_the_middle. March 2008
[2] Wikipedia. ARP Spoofing. March 2008
[3] Ettercap. February 2008
[4] Fun with Ettercap Filters. ettercapfilter. March 2008
[5] ETTERCAP - The Easy Tutorial. February
[6] Crimemachine. How to decrypt SSL encrypted traffic using a man in the middle attack. April 2008
[7] Ethereal. April 2008
[8] dsniff. April 2008
[9] Haidong Xia and Jose' C. Brustoloni. Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks. March 2008
[10] Ross Anderson and Mike Bond. The Man-in-the-Middle Defence. Computer Laboratory, University of Cambridge, Mar research/man-in-the-middle-defence.pdf
[11] Serpanos, D.N., Lipton, R.J. Defense against man-in-the-middle attack in client-server systems. Computers and Communications, Proceedings. Sixth IEEE Symposium on, pp. 9-14, 2001
[12] Threats Addressed by Secure Shell. ssh_overview/ssh_overview_threats.html. April 2008
[13] RFID Cards and Man-in-the-Middle Attacks. archives/2006/04/rfid_cards_and.html. April 2008
[14] A Man-in-the-Middle Attack on UMTS. abstract.aspx?&docid=141953&promo= April 2008
[15] Anatomy of an ARP Poisoning Attack. editorial/ asp. April 2008
[16] Arpwatch. April
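
The ARP-cache monitoring recommended under Prevent MITM Attacks, and the manual `arp -a` check used in Attack #1, as an added example that is not part of the original report: it parses `arp -a` output in the Windows and Linux formats, compares it with a trusted baseline, and reports changed entries, MACs shared by several IPs, and the baseline host that owns an unexpected MAC. The function names, all IP addresses and the baseline MACs are constructed for illustration; only 00:1D:09:82:22:95 is taken from the report.

```python
"""Flag ARP-cache poisoning symptoms in `arp -a` output (added example)."""
import ipaddress
import re
from collections import defaultdict

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
# Windows row: "  192.168.1.10    00-1d-09-82-22-95   dynamic"
_WINDOWS = re.compile(r"^\s*" + _IP + r"\s+" + _MAC + r"\b")
# Linux row:   "? (192.168.1.30) at 00:1D:09:82:22:95 [ether] on eth0"
_LINUX = re.compile(r"\(" + _IP + r"\)\s+at\s+" + _MAC)

# Constructed sample: cache of the Vista laptop after poisoning.
VISTA_ARP_A = """
Interface: 192.168.1.30 --- 0x8
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.10          00-1d-09-82-22-95     dynamic
  192.168.1.20          00-1d-09-82-22-95     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed sample: cache of the Linux server after poisoning.
LINUX_ARP_A = """
? (192.168.1.30) at 00:1D:09:82:22:95 [ether] on eth0
? (192.168.1.20) at 00:1D:09:82:22:95 [ether] on eth0
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.5) at <incomplete> on eth0
"""

# Trusted IP -> MAC bindings recorded while the LAN was known to be clean
# (constructed values; .20 stands for the Windows XP machine).
BASELINE = {
    "192.168.1.1": "00:11:22:33:44:01",
    "192.168.1.10": "00:0c:29:aa:bb:10",
    "192.168.1.20": "00:1d:09:82:22:95",
    "192.168.1.30": "00:0c:29:aa:bb:30",
}


def normalize_mac(mac):
    """Use one spelling (lowercase, colon-separated) for every MAC."""
    return mac.replace("-", ":").lower()


def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = _WINDOWS.match(line) or _LINUX.search(line)
        if not m:
            continue  # headers, blank lines, "<incomplete>" entries
        ip, mac = m.group(1), normalize_mac(m.group(2))
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, not a host
        table[ip] = mac
    return table


def find_anomalies(table, baseline):
    """Return findings as tuples:
    ("mac_changed", ip, expected_mac, seen_mac)
    ("shared_mac", mac, (ip, ip, ...))
    """
    findings = []
    for ip in sorted(table, key=ipaddress.ip_address):
        expected = baseline.get(ip)
        if expected and normalize_mac(expected) != table[ip]:
            findings.append(("mac_changed", ip, normalize_mac(expected), table[ip]))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac in sorted(by_mac):
        if len(by_mac[mac]) > 1:
            ips = tuple(sorted(by_mac[mac], key=ipaddress.ip_address))
            findings.append(("shared_mac", mac, ips))
    return findings


def likely_source(findings, baseline):
    """Map each unexpected MAC to the baseline IP that owns it (or None)."""
    owners = {normalize_mac(mac): ip for ip, mac in baseline.items()}
    return {f[3]: owners.get(f[3]) for f in findings if f[0] == "mac_changed"}


if __name__ == "__main__":
    for name, raw in (("vista", VISTA_ARP_A), ("linux", LINUX_ARP_A)):
        found = find_anomalies(parse_arp_table(raw), BASELINE)
        for finding in found:
            print(name, finding)
        print(name, "unexpected MAC belongs to:", likely_source(found, BASELINE))
```

A shared MAC is not always an attack, since a router or proxy-ARP host can legitimately answer for several addresses, so a finding is a lead to verify against the baseline rather than proof.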
More informationNetworking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 1. Slide 2. Slide 3
Slide 1 Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 2 Unit
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins instead of 30 mins Next
More informationSecure Communications Over a Network
Secure Communications Over a Network Course: MITS:5400G Proffessor: Dr. Xiaodong Lin By: Geoff Vaughan 100309160 March 20th 2012 Abstract The purpose of this experiment is to transmit an encrypted message
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationVPN-against-Firewall Lab: Bypassing Firewalls using VPN
SEED Labs 1 VPN-against-Firewall Lab: Bypassing Firewalls using VPN Copyright c 2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation
More informationMile2 MK CPTS - Certified Pen Testing Specialist. Download Full Version :
Mile2 MK0-201 CPTS - Certified Pen Testing Specialist Download Full Version : http://killexams.com/pass4sure/exam-detail/mk0-201 D. IP Poisoning QUESTION: 234 When a network switch receives a very large
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationDKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK
DKT 224/3 DATA COMMUNICATION & NETWORK LAB 2 NETWORK PROTOCOL ANALYZER SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK Lab #2 2 Lab #2 : Network Protocol Analyzer (Sniffing and Identify Protocol used
More information::/Topics/Configur...
1 / 5 Configuration Cain & Abel requires the configuration of some parameters; everything can be set from the main configuration dialog. Sniffer Tab Here you can set the network card to be used by Cain's
More information1 TABLE OF CONTENTS UNCLASSIFIED//LES
1 TABLE OF CONTENTS 2 In troduction...3 2.1 Terminology...3 2.2 Anatomy of the Pivot...3 2.3 Requirements for a Successful Pivot...3 3 Risks and Caveats...4 3.1 Fulcrum Does Not Measure Success or Failure
More informationCOMP2330 Data Communications and Networking
COMP2330 Data Communications and Networking Dr. Chu Xiaowen (Second semester, 2009-2010 academic year) Laboratory 3 Last update: Feb-3-2009 Use Wireshark to Analyze IP Packet Objectives: (1) Use Wireshark
More informationNetworking and Health Information Exchange: ISO Open System Interconnection (OSI)
Networking and Health Information Exchange: ISO Open System Interconnection (OSI) Lecture 4 Audio Transcript Slide 1 Welcome to Networking and Health Information Exchange, ISO Open System Interconnection
More informationThe StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.
Introduction: Intended Audience The StrideLinx Remote Access Solution is designed to offer safe and secure remote access to industrial equipment worldwide for efficient remote troubleshooting, programming
More informationAdvanced Vmware Security The Lastest Threats and Tools
Advanced Vmware Security The Lastest Threats and Tools Introduction Who is VMTraining VMWARE Security around VMware What are you in for? Hold On! Does ESX really have some major issues? Recent Cases involving
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationSecurity and Privacy
E-mail Security and Privacy Department of Computer Science Montclair State University Course : CMPT 320 Internet/Intranet Security Semester : Fall 2008 Student Instructor : Alex Chen : Dr. Stefan Robila
More informationA Visualization Tool for Wireless Network Attacks
A Visualization Tool for Wireless Network Attacks Xiaohong YUAN, Ricky L. ARCHER, Jinsheng XU, Huiming YU Department of Computer Science, North Carolina A&T State University Greensboro, NC 27411, USA ABSTRACT
More informationSniffing HTTPS Traffic in LAN by Address Resolution Protocol Poisoning
Volume 119 No. 12 2018, 1187-1195 ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu ijpam.eu Sniffing HTTPS Traffic in LAN by Address Resolution Protocol Poisoning Nagendran.K 1, Adithyan.A 1,
More informationWeb Mechanisms. Draft: 2/23/13 6:54 PM 2013 Christopher Vickery
Web Mechanisms Draft: 2/23/13 6:54 PM 2013 Christopher Vickery Introduction While it is perfectly possible to create web sites that work without knowing any of their underlying mechanisms, web developers
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationCCNP Switch Questions/Answers Securing Campus Infrastructure
What statement is true about a local SPAN configuration? A. A port can act as the destination port for all SPAN sessions configured on the switch. B. A port can be configured to act as a source and destination
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationCorso di Network Security a.a. 2012/2013. Solutions of exercises on the second part of the course
University of Parma Department of Information Engineering Corso di Network Security a.a. 2012/2013 Solutions of exercises on the second part of the course 1) Specify the name of the CHAP messages exchanged
More informationINTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET
INTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET 1. INTRODUCTION Hello friends are topic is Internet and World Wide Web the most popular services of our topic is social networking and online shopping
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 7 1 Projects Groups Max 3 persons Topics Cryptography Network Security Program
More informationMicrosoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]
s@lm@n Microsoft Exam 98-367 Security fundamentals Version: 9.0 [ Total Questions: 123 ] Question No : 1 The Active Directory controls, enforces, and assigns security policies and access rights for all
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationTelnet Session Hijack
Telnet Session Hijack Last updated 9/13/2017 1 Admonition 2 Unauthorized hacking is a crime. The hacking methods and activities learned in this course can result in prison terms, large fines and lawsuits
More information