Read 43 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki

Sniffing and Evasion

A sniffing attack is when a hacker uses special tools to intercept and "listen" to the data that's traveling between different devices on a computer network. This data can include things like passwords, credit card numbers, personal messages, or other sensitive information.

ARP Spoofing

Imagine you're at a big party with all your friends. Everyone has a name and a specific location in the venue. To communicate with each other, you have a list that matches names to locations – let's call this the "Party List."

Now, imagine a sneaky person who wants to cause trouble. This person secretly alters the Party List by pretending to be someone else. They go around saying, "Hey, I'm your friend," but when others try to find their real friends, the messages get redirected to the troublemaker instead.

In computer networks, this sneaky person is called an "ARP spoofer." They manipulate the "Party List" of computers on the network by pretending to be a different computer. When any computer wants to send data to its real friend, the data gets sent to the ARP spoofer instead.

This is a dangerous attack because the ARP spoofer can intercept sensitive information, like login details or personal data, and even tamper with the data before passing it along to the actual friend. It's like the sneaky person eavesdropping on private conversations and spreading false information.

To protect against ARP spoofing, network administrators and security experts use techniques like ARP spoofing detection and secure network configurations to make sure the Party List (ARP tables) remains accurate and reliable.

Key Points

There are a number of different methods that an attacker can use to perform ARP spoofing.

  1. The attacker has access to the “ARP cache” on the machine they have compromised. That cache also lists other machines’ MAC addresses, including entries whose IP-to-MAC pairings differ from what those other machines hold in their own ARP caches.

  2. The attacker does not know which method the other machines use to maintain their tables of MAC addresses, so they simply flood the network with many duplicate entries.

  3. The attacker sends out forged ARP messages, trying to associate their infected machine with another machine’s MAC address.
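The detection side of the "Party List" idea above, as an added example that is not part of the original wiki page: keep an IP-to-MAC table built from observed ARP replies and alert when a reply claims an IP that is already bound to a different MAC, or when one MAC claims several IPs. The sample replies are constructed, not a real capture.

```python
"""Flag ARP cache poisoning from a stream of observed ARP replies.

Added example (not from the original page). Two signals are checked:
  - ip_conflict:     an IP already seen with MAC A is now claimed by MAC B
  - mac_claims_many: a single MAC claims more IPs than max_ips_per_mac
"""
from collections import defaultdict

# Constructed sample: (sender_ip, sender_mac) from ARP replies on one segment.
# 192.168.1.1 is the real gateway; later a second MAC claims it.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1",  "aa:bb:cc:00:00:01"),
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1",  "de:ad:be:ef:00:99"),   # forged: gateway IP, new MAC
    ("192.168.1.10", "de:ad:be:ef:00:99"),   # same MAC now claims a host too
]


def detect_arp_spoofing(replies, max_ips_per_mac=1):
    """Return alert strings for suspicious replies, in the order they occur.

    The first sighting of an IP is trusted (trust-on-first-use); later
    replies that change its MAC are reported. max_ips_per_mac is tunable
    because a router or a host with several addresses legitimately maps
    more than one IP to one MAC.
    """
    ip_to_mac = {}                 # the "Party List": IP -> MAC
    mac_to_ips = defaultdict(set)  # reverse view: MAC -> set of IPs claimed
    flagged_macs = set()           # avoid repeating the mac_claims_many alert
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"ip_conflict: {ip} was {known}, now claimed by {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append(f"mac_claims_many: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```

Real deployments usually seed ip_to_mac from a known-good static table instead of trusting the first reply, so an attacker who answers first does not become the baseline.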

Countermeasures

  1. ARP spoofing is not a very effective attack, except in networks that are poorly secured.

  2. In order for an attacker to use this method as a form of masquerading, they must be able to send packets directly to the network.

  3. A sniffing attack is a form of attack where the attacker tries to access certain data over the network, and sniffing is the essential task used to capture that data. The term “sniffing” comes from the action of sniffing or smelling. The attacker gets hold of this information by using special software called a “network analyzer”.

  4. Sniffing in hacking: it is considered an intrusion into your computer system without permission, without your knowledge and without legal authorization. It is called hacking, and it can be performed by several methods.

Questions

Explain a Sniffing attack using non-technical terms.

Imagine your computer is like a mailbox where it receives and sends messages to the internet. Now, a "sniffing attack" is when a sneaky person secretly sits near your mailbox and listens to all the messages going in and out.

What are the two types of sniffing attacks and what are some pros and cons of each approach?

Passive Sniffing - a non-intrusive form of sniffing where the attacker listens to the data traffic on a network without actively modifying or interfering with it.

Pros - It's more challenging to detect because it doesn't actively disrupt network communications / Passive sniffing doesn't generate suspicious activities, making it less likely to raise alarms / It can be useful for network analysis and troubleshooting in legitimate scenarios

Cons - Since it doesn't alter the data, attackers may need more time to collect valuable information / It may not work well in heavily encrypted networks where the data is unreadable

Active Sniffing - the attacker actively inserts themselves into the network traffic to intercept and manipulate the data.

Pros - It allows attackers to capture data even from encrypted connections by using man-in-the-middle techniques / Active sniffing provides more control over the captured data, making it easier to target specific information

Cons - Active sniffing is more likely to be detected because it alters the network traffic / It can disrupt network communications, potentially causing suspicion and affecting the overall network performance / Since it requires more sophistication, it may be harder for attackers to execute successfully

How does encryption protect traffic against sniffing attacks?

By using encryption, you can protect your sensitive information from prying eyes and keep your online communications secure, just like having your own secret code for sending messages to your trusted friend.