=Users Basic Security Guide=

=Sniffer Attacks=
Assembled/Written by reptile
The c0re team

Note: This is a small paper i wrote up on Sniffer Attacks. Hopefully the

reader will get a better idea of how hackers can use this method to steal
data from a network and how it may be prevented. In no way was this paper
written in a technical manner. It was written for the newbie in mind. :)

---------> Users Basic Security Guide : Sniffer Attacks

1. Introduction To Sniffing Attacks

2. Sniffer Attack against TCP
3. Prevention of Sniffer attacks
4. The Masquerade Attack

Section 1: -> Introduction To Sniffing Attacks

"Sniffing" is observing packets passing by on a network. Sniffing is a

popular way to steal data from a network, usually in form of passwords,
ID names, etc. Passive attacks using this method has become frequent on
the internet. The person who is sniffing a network obtains data by
actually sniffing the network for packets. The data is usually cached
thus hackers look for user ID and the password of a legitimate user and
uses the user's information to log on to the network.Once logged into the
network, the hacker sniffs transmissions of packets. With this method the
hacker can gather needed information about the network.

Section 2: -> Sniffer Attack against the Transport Control Protocol

There is a method hackers use in which the attack lets a hacker redirect
the TCP stream through the hacker's machine. Once the hacker has
redirected the TCP stream, the hacker can bypass a systems protection.
(eg: one-time password, Ticketing auth). Remember that a Transport Control
Protocol packet may travel over many systems before reaching the
destination system. With a sniffer and a generator a person could easily
access many packets.

Section 3: -> Prevention of Sniffer attacks

Some ways System Administrators can prevent this kind of attack is to be

tight on security. Identification schemes is one way. one-time password or
ticketing authentication are some. They ensure corporate systems are
protected from Internet attacks. Deploy a firewall between these systems
and the Internet to guard against network scans and intrusions. Although
these methods may make it more difficult for the hacker, both methods
risk attack. My advice is to encrypt and sign the data stream. There are
programs out there that provide encrypted TCP streams.

Section 4: -> The Masquerade Attack

The Masquerade attack is when a hacker initiates a session by sending a

SYN packet to a server using the clients IP address as the source address.
If it is a trusted host the server will acknowledge the SYN packet with a
SYN/ACK packet. The hacker will then acknowledge the servers SYN/ACK packet
with his own. As long as the hacker can predict the SYN/ACK packet it
therefore can acknowledge it. The hacker cannot recieve the data from the
server but he can send data which is enough to compromise the host.

Also if the host is offline the hacker cannot use this attack to establish
a full TCP connection with the server. This method is good because the
attack is invincible to the user.