[Part 2] – Networking Sniffing and How to Defend Against It

April 8, 2016 | Views: 4639


Let’s continue with more information on Networking Sniffing and How to Defend Against It…


UDP Scanning [-u]

UDP is connectionless. Open ports may not respond to a probe, and closed ports may not respond, either. Most systems, however, reply with an ICMP_PORT_UNREACH when a packet is sent to a closed port. This is not guaranteed, so UDP port scanning is very unreliable.


IP Camouflage [D]

To avoid being traced, or at least to make tracing more difficult if the port scan is discovered, the scanner's IP can be drowned among other packets that carry different source addresses. Adding many other IPs discourages the administrator, but it also makes the scan take longer.


A Little More Discretion [-T]

To reduce traffic on the network, a port scanner can space out its tests on ports over time.


Recognizing Scans

Scans that increase the time between probes, drown the source among multiple IPs and mix methods can still be detected. But the resources required to achieve this are often excessive, and other scans can be more or less discovered. It then raises the question of what the response to such an attack should be.



IP spoofing is used to impersonate a machine by modifying the source address of an IP packet by hand. It's very easy in theory, but in practice, with TCP it is another story: the attacked machine will respond to the wrong machine. UDP is obviously easier, since there's no acknowledgement.


Non-Blind Spoofing

This type of spoofing happens on a local network or, more generally, whenever it's possible to sniff the responses of the attacked machine. The sequence and acknowledgement numbers are therefore known. In this case, session hijacking is possible. This requires silencing the spoofed machine with a Denial of Service (DoS).


Blind Spoofing

This technique is old and no longer works today. It required guessing the packet sequence numbers in order to send packets blind. In older versions of Windows, sequence numbers were not random, so this technique was possible, which isn't the case today.


Web Spoofing & Co.

Phishing uses browser vulnerabilities to spoof URLs, e.g. https://www.pаypal.com displays in the address bar as https://www.paypal.com but, in fact, points to the domain https://www.xn--pypal-4ve.com.

The SMTP and NNTP protocols are without protection: we can send an email posing as anyone. The IP is stored in the message, but with enough SOCKS proxies, gateways and other intermediaries, tracing the author can become quite difficult.
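On the defensive side, a mail or proxy filter can catch the look-alike domain described above by decoding the `xn--` label and checking which scripts its letters belong to. The following is an added example, not code from the original article; the `LOOKALIKES` map and `WATCHLIST` are small constructed assumptions, not a complete confusables table.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small map: Cyrillic letters that render like Latin ones.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
WATCHLIST = {"paypal"}  # hypothetical list of brand labels to protect


def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode-decoding xn-- labels)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label


def scripts(label):
    """Scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def check_url(url):
    """Return (label, reason) findings for the host part of a URL."""
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        used = scripts(label)
        if len(used) > 1:
            findings.append((label, "mixed scripts: " + "+".join(sorted(used))))
        # Map look-alike letters back to Latin and compare with protected names.
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
        if skeleton != label and skeleton in WATCHLIST:
            findings.append((label, "imitates " + skeleton))
    return findings


if __name__ == "__main__":
    for url in ("https://www.xn--pypal-4ve.com/login", "https://www.paypal.com/"):
        print(url, "->", check_url(url) or "no findings")
```

The same check works whether the link arrives in its Punycode form or with the Unicode characters already rendered.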


Thanks and I hope this will be helpful to you.

By: Antr4ck

You might also enjoy Networking Sniffing and How to Defend Against It [Part 1]






  1. Nice! 🙂
