Attack Examples
Reconnaissance attacks

Reconnaissance attacks can consist of the following:

  • Packet sniffers
  • Port scans
  • Ping sweeps
  • Internet information queries

A malicious intruder typically ping sweeps the target network to determine which IP addresses are alive. After this, the intruder uses a port scanner to determine what network services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version, as well as the type and version of operating system running on the target host. Based on this information, the intruder can determine if a possible vulnerability exists that can be exploited.

Using, for example, the nslookup and whois utilities, an attacker can easily determine the IP address space assigned to a given corporation or entity. The ping command tells the attacker what IP addresses are alive.
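The sequence described above (a ping sweep followed by a port scan of a live address) leaves a recognizable pattern in perimeter logs. The following detection sketch is an added example, not part of the original page; the record layout, the addresses, and the thresholds (4 hosts, 5 ports, 60 seconds) are assumptions chosen for illustration.

```python
from collections import defaultdict

ATTACKER = "203.0.113.7"  # documentation-range address, constructed
# Constructed records: (seconds, source, destination, protocol, TCP port or None)
SAMPLE_LOG = (
    [(i, ATTACKER, f"192.0.2.{i + 1}", "icmp", None) for i in range(5)]
    + [(10 + i, ATTACKER, "192.0.2.2", "tcp", p)
       for i, p in enumerate([21, 22, 23, 80, 443, 3389])]
    # Monitoring host pinging a single address: not a sweep
    + [(i * 30, "198.51.100.20", "192.0.2.2", "icmp", None) for i in range(6)]
    # Four hosts pinged, but spread far beyond the window
    + [(i * 100, "198.51.100.40", f"192.0.2.{i + 1}", "icmp", None) for i in range(4)]
    # Ordinary client reusing one port
    + [(i, "198.51.100.30", "192.0.2.5", "tcp", 443) for i in range(8)]
)

def first_burst(events, threshold, window):
    """Earliest time at which `threshold` distinct values fit in one window, else None."""
    events = sorted(events)
    for i, (start, _) in enumerate(events):
        seen = set()
        for t, value in events[i:]:
            if t - start > window:
                break
            seen.add(value)
            if len(seen) >= threshold:
                return t
    return None

def detect_recon(records, sweep_hosts=4, scan_ports=5, window=60):
    """Map each sweeping source to its sweep time and the hosts it port-scanned afterwards."""
    pings, probes = defaultdict(list), defaultdict(list)
    for t, src, dst, proto, port in records:
        if proto == "icmp":
            pings[src].append((t, dst))           # distinct value = host pinged
        elif proto == "tcp":
            probes[(src, dst)].append((t, port))  # distinct value = port touched
    findings = {}
    for src, events in pings.items():
        sweep_at = first_burst(events, sweep_hosts, window)
        if sweep_at is None:
            continue
        scanned = []
        for (probe_src, dst), ev in probes.items():
            scan_at = first_burst(ev, scan_ports, window)
            if probe_src == src and scan_at is not None and scan_at >= sweep_at:
                scanned.append(dst)
        findings[src] = {"sweep_at": sweep_at, "scanned_after_sweep": sorted(scanned)}
    return findings

if __name__ == "__main__":
    print(detect_recon(SAMPLE_LOG))
```

The monitoring host and the slow pinger are not flagged at the default window; widening the window trades fewer missed slow sweeps for more false positives.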

Network snooping and packet sniffing are common terms for eavesdropping. Eavesdropping is listening in to a conversation, spying, prying, or snooping. The information gathered by eavesdropping can be used to mount other attacks on the network.

An example of data susceptible to eavesdropping is SNMP version 1 community strings, which are sent in clear text. An intruder could eavesdrop on SNMP queries and gather valuable data on network equipment configuration. Another example is the capture of usernames and passwords as they cross a network.

Types of Eavesdropping
A common method for eavesdropping on communications is to capture TCP/IP or other protocol packets and decode the contents using a protocol analyzer or similar utility. Two common uses of eavesdropping are as follows:

  • Information gathering – Network intruders can identify usernames, passwords, or information carried in the packet such as credit card numbers or sensitive personal information.
  • Information theft – Network eavesdropping can lead to information theft. The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers. Another example is using a computer to crack a password file.

Tools Used to Perform Eavesdropping
The following tools are used for eavesdropping:

  • Network or protocol analyzers
  • Packet capturing utilities on networked computers

Methods to Counteract Attacks
Three of the most effective methods for counteracting eavesdropping are as follows:

  • Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping
  • Using encryption that meets the data security needs of the organization without imposing an excessive burden on the system resources or the users
  • Using switched networks

Encrypted Data
Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation. Some benefits of data encryption are as follows:

  • Almost every company has transactions, which, if viewed by an eavesdropper, could have negative consequences. Encryption ensures that when sensitive data passes over a medium susceptible to eavesdropping, it cannot be altered or observed.
  • Decryption is necessary when the data reaches the router or other termination device on the far receiving LAN where the destination host resides.
  • By encrypting after the User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) headers, so that only the IP payload data is encrypted, Cisco IOS network-layer encryption allows all intermediate routers and switches to forward the traffic as they would any other IP packets. Payload-only encryption allows flow switching and all access-list features to work with the encrypted traffic just as they would with plain text traffic, thereby preserving desired quality of service (QoS) for all data.
