401 Reading 43 - marsecguy/reading-notes-cyberops GitHub Wiki
Sniffing and Evasion
- Explain a Sniffing attack using non-technical terms.
  - Sniffing is a method of capturing transmitted data. The captured data can then be used in one of two ways: 1) resending it over and over again, quickly, to a target machine so that it cannot do anything else (a denial-of-service attack), or 2) if the data stream contains a password, using the captured data to hit on the right password and intrude into the system.
- What are the two types of sniffing attacks and what are some pros and cons of each approach?
  - Passive sniffing: listens to and captures traffic without engaging or interfering.
    - Pros: Easy to do, hard to detect, hard to stop.
    - Cons: Does not advance the cyber kill chain beyond the first step until further action is taken. Cannot control what data is gathered.
  - Active sniffing: actively engages with the target and its traffic.
    - Pros: Can be used to gain access to the target, permitting further action along the cyber kill chain.
    - Cons: Easier for defenders to detect and stop. Increased risk of getting caught and possibly prosecuted.
- How does encryption protect traffic against sniffing attacks?
  - By making the captured data unusable to the attacker: without the PKI authentication keys they can neither read it nor reuse it.
Source: Geeks for Geeks
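As an added example (not part of these notes or the cited source), a stdlib-only Python sketch of the two effects the encryption answer describes: a passive sniffer's credential filter finds the password in a plaintext login but not in the encrypted frame, and a receiver that tracks nonces rejects a replayed capture. The cipher here is a toy HMAC-SHA256 counter-mode construction, and the login line is a constructed sample; neither is a real protocol.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of what a passive sniffer captures from an unencrypted login.
PLAINTEXT_LOGIN = b"POST /login HTTP/1.1\r\n\r\nuser=alice&password=hunter2"
CRED_PATTERN = re.compile(rb"password=([^&\s]+)")
NONCE_LEN, TAG_LEN = 12, 32


def extract_password(captured: bytes):
    """What a sniffer's credential filter recovers from one captured frame."""
    m = CRED_PATTERN.search(captured)
    return m.group(1) if m else None


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream derived with HMAC-SHA256 (illustrative only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    body = bytes(a ^ b for a, b in zip(message, _keystream(key, nonce, len(message))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


class Receiver:
    """Decrypts frames and rejects any nonce it has already accepted (anti-replay)."""

    def __init__(self, key: bytes):
        self.key, self.seen = key, set()

    def open(self, frame: bytes):
        nonce, body, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # tampered, or sealed under a different key
        if nonce in self.seen:
            return None  # replayed capture: same frame resent by a sniffer
        self.seen.add(nonce)
        return bytes(a ^ b for a, b in zip(body, _keystream(self.key, nonce, len(body))))


def demo(key: bytes = None, nonce: bytes = None) -> dict:
    key, nonce = key or os.urandom(32), nonce or os.urandom(NONCE_LEN)
    frame, rx = seal(key, nonce, PLAINTEXT_LOGIN), Receiver(key)
    return {
        "plaintext_leak": extract_password(PLAINTEXT_LOGIN),  # b"hunter2"
        "ciphertext_leak": extract_password(frame),           # None
        "first_delivery": rx.open(frame),                     # the login, decrypted
        "replay": rx.open(frame),                             # None: nonce already seen
    }
```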