Home 0P3N Blog [Part 2] - Networking Sniffing and How to Defend Against It
Ready to Start Your Career?
Create Free Account
Antr4ck s profile image
By: Antr4ck
April 8, 2016

[Part 2] - Networking Sniffing and How to Defend Against It

By: Antr4ck
April 8, 2016
Antr4ck s profile image
By: Antr4ck
April 8, 2016
Networking Sniffing and How to Defend Against It [Part 2] - CybraryLet's continue with more information on Networking Sniffing and How to Defend Against It... UDP Scanning [-u]UDP is connectionless. Open ports may not respond to connections - ports and farms may not respond, either. But most systems respond with a ICMP_PORT_UNREACH when sending a packet on port closeure. But, this is not guaranteed, so the UDP port scanning is very unreliable. IP Camouflage [D]In order not to be drawn, or at least make it more difficult (if the scanning harbor was discovered), it's interesting to drown an IP from other packets with another source address. Adding many other IPs discourages the administrator, but it also takes longer to scan. A Little More Discretion [-T]To reduce traffic on the network, a scanning port can temporize tests on ports. Recognizing ScansBy increasing the time between scans and by drowning with multiple IP and mixing methods, you can detect such scans. But, the resources required to implement the achieved are often excessive, and other scans can be more or less discovered. Afterwards, it raises the question if the response was such an attack. SpoofingIP spoofing is used to impersonate a machine. It can modify the source address of an IP packet in hand. It's very easy in theory, but in practice, TCP is another story. The attacked machine will respond to the wrong machine...UDP is obviously easier, since there's no accused. Failure Blind SpoofingThis type of spoofing happens on a local network or, more generally, when it's possible to sniff the response of the attacked machine. Thus, the sequence numbers and accused are known. In this case, it's possible to do session hijacking (session hijacking). This requires silence the spoofed machine with a Denial of Service (DoS). The Blind SpoofingThis technique is old - and isn't running today. It required guessing the packet sequence numbers to send packets to the blind. In older versions of Windows, sequence numbers were not random so this technique was possible, which isn't the case today. Web Spoofing & Co.Phishing uses browser vulnerabilities to spoof URL e.g. - https: //www.pаypal.com displays in the address bar as https://www.paypal.com. But, in fact, it points to the domain https: //www.xn--pypal-4ve.com, where SMTP protocols and NMTP are without protection. We can send an email by posing to be anyone. The IP is stoquee in the message, but with enough socks proxies, gateways and others trace, detecting the author can become quite difficult. Thanks and I hope this will be helpful to you.By: Antr4ck
You might also enjoy Networking Sniffing and How to Defend Against It [Part 1]SaveSaveSaveSaveSave
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry