Network Sniffing






Many network protocols were designed with the assumption that users could be trusted or that the network was trustworthy. Precautions in protocol design were not always taken for defending against network eavesdropping. Network traffic monitoring is the electronic equivalent of shoulder surfing. A network sniffer is a program, or dedicated device, capable of capturing all traffic made available to one or more network adapters. Any data sent in the clear across the network is captured and inspected for usefulness. Countless network sniffers are running throughout the Internet today.

Network sniffers are freely available in the public domain (see Anonymous, 1997 for a comprehensive list) or can be purchased as part of products such as RealSecure from Internet Security Systems. A user who has access to a personal computer connected to a network can easily install a sniffer program. Most sniffers are sophisticated enough to selectively find passwords used for network logins. The attacker does not need to monitor every packet traversing the network. Assuming that the communicating systems rely upon reusable passwords for authentication, the person sniffing network traffic can effortlessly gather passwords to be used for later attacks. No evidence of this activity will be found on the attack targets, as was the case for online brute-force attacks.

Network sniffing is not limited to watching for passwords used during the authentication phase of a network login session. Because e-mail and other document delivery systems might contain lists of passwords, it is worth the effort to capture and scan these data forms as well. Remember that a new user must acquire the initial password from the security officer in an out-of-band manner. Often, the method chosen is e-mail, especially inside of private corporate networks. Employees are often required to sign agreements declaring that they will not engage in network sniffing or scanning. Because many computer crimes include an insider, the threat of legal consequences does not always outweigh the opportunity for financial reward.

Many private corporate networks are also accessed by contract vendors, who in turn may not adhere to the same restrictions. A successful social engineering attack could land a planted network sniffer on your network. The sniffer could periodically send passwords via e-mail to an external system. For these reasons, you should assume that passwords which are sent across a network in cleartext form have been compromised.
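To act on that assumption, a defender can audit traffic from their own network for logins that still travel in cleartext and decide which services to migrate. The following is an added example, not part of the original text; it assumes payloads have already been reassembled per flow from a capture, and the function names, addresses and credentials are constructed for illustration.

```python
import base64
import re

# Commands that carry a reusable password in the clear (label, pattern).
CLEARTEXT_AUTH = [
    ("PASS command (FTP/POP3)", re.compile(rb"^PASS\s+\S+", re.I)),
    ("IMAP LOGIN", re.compile(rb"^\S+\s+LOGIN\s+\S+\s+\S+", re.I)),
    ("HTTP Basic", re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)),
]

def is_basic_credential(token):
    """True if the Basic token decodes to the user:password form."""
    try:
        return b":" in base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def audit_flows(flows):
    """Return (src, dst, port, mechanism) per cleartext login; secrets are never kept."""
    findings = []
    for flow in flows:
        for line in flow["payload"].split(b"\r\n"):
            for label, pattern in CLEARTEXT_AUTH:
                m = pattern.match(line)
                if m is None:
                    continue
                if label == "HTTP Basic" and not is_basic_credential(m.group(1)):
                    continue
                findings.append((flow["src"], flow["dst"], flow["port"], label))
    return findings

# Constructed sample flows (documentation addresses, made-up credentials).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "port": 21,
     "payload": b"USER alice\r\nPASS not-a-real-secret\r\n"},
    {"src": "192.0.2.11", "dst": "198.51.100.8", "port": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
                + base64.b64encode(b"bob:not-a-real-secret") + b"\r\n\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.9", "port": 143,
     "payload": b"a001 LOGIN carol not-a-real-secret\r\n"},
    {"src": "192.0.2.13", "dst": "198.51.100.8", "port": 443,
     "payload": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"},  # TLS handshake bytes
]

if __name__ == "__main__":
    for src, dst, port, mechanism in audit_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port} sends a reusable password in cleartext via {mechanism}")
```

Each finding names the client, server and mechanism only, so the report itself can be circulated without exposing the passwords it found.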





Copyright Manjor Inc.