[Part 2] - Networking Sniffing and How to Defend Against It

By: Antr4ck

April 8, 2016

Let's continue with more information on Networking Sniffing and How to Defend Against It...

UDP Scanning [-u]

UDP is connectionless. Open ports may not respond to connections, and closed ports may not respond either. Most systems do respond with an ICMP_PORT_UNREACH when a packet is sent to a closed port, but this is not guaranteed, so UDP port scanning is very unreliable.

IP Camouflage [D]

To avoid being traced, or at least to make tracing more difficult (if the port scan is discovered), the scanner can drown its IP among other packets that carry a different source address. Adding many other IPs discourages the administrator, but it also makes the scan take longer.

A Little More Discretion [-T]

To reduce traffic on the network, a port scanner can space out its tests on ports over time.

Recognizing Scans

Even when a scanner increases the time between probes, drowns its address among multiple IPs and mixes methods, such scans can be detected. But the resources required to achieve this are often excessive, and other scans can be more or less discovered. Afterwards, the question arises of whether the response was such an attack.

Spoofing

IP spoofing is used to impersonate a machine. It consists of modifying the source address of an IP packet by hand. It's very easy in theory, but in practice, TCP is another story. The attacked machine will respond to the wrong machine... UDP is obviously easier, since there's no acknowledgment.

Non-Blind Spoofing

This type of spoofing happens on a local network or, more generally, when it's possible to sniff the response of the attacked machine. Thus, the sequence and acknowledgment numbers are known. In this case, it's possible to do session hijacking. This requires silencing the spoofed machine with a Denial of Service (DoS).

Blind Spoofing

This technique is old and no longer works today. It required guessing the packet sequence numbers in order to send packets blind. In older versions of Windows, sequence numbers were not random, so this technique was possible, which isn't the case today.

Web Spoofing & Co.

Phishing uses browser vulnerabilities to spoof a URL, e.g. https://www.pаypal.com displays in the address bar as https://www.paypal.com but in fact points to the domain https://www.xn--pypal-4ve.com.

The SMTP and NNTP protocols are without protection: we can send an email posing as anyone. The IP is stored in the message, but with enough SOCKS proxies, gateways and the like, tracing the author can become quite difficult.

Thanks and I hope this will be helpful to you.
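The look-alike URL from the Web Spoofing section can be caught before a user clicks it by comparing what is displayed with what is resolved. The sketch below is an added example, not code from the original article; the `CONFUSABLES` map and `PROTECTED` list are small constructed assumptions, and `inspect_url` is a hypothetical helper name.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small look-alike map (Cyrillic letter -> Latin twin).
# Assumption: a real deployment would load the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x"}
PROTECTED = {"paypal.com"}  # hypothetical list of domains worth protecting


def scripts(label):
    """Scripts used by the letters of one DNS label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_url(url):
    """Compare the hostname a user sees with the name that is actually resolved."""
    host = (urlsplit(url).hostname or "").lower()
    if host.isascii():
        # Already in xn-- form (or plain ASCII): recover what the address bar may show.
        host = host.encode("ascii").decode("idna")
    resolved = host.encode("idna").decode("ascii")      # Punycode form sent to DNS
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    registrable = ".".join(skeleton.split(".")[-2:])    # naive: last two labels
    imitates = registrable if host != skeleton and registrable in PROTECTED else None
    return {
        "displayed": host,
        "resolved": resolved,
        "mixed_script_labels": [l for l in host.split(".") if len(scripts(l)) > 1],
        "imitates": imitates,
    }


if __name__ == "__main__":
    for sample in ("https://www.p\u0430ypal.com/login",   # Cyrillic U+0430, as in the article
                   "https://www.xn--pypal-4ve.com/",
                   "https://www.paypal.com/"):
        print(inspect_url(sample))
```

A label that mixes Latin and Cyrillic letters, or whose look-alike skeleton matches a protected domain while the resolved name starts with `xn--`, is a strong signal to show the Punycode form or block the link in a mail gateway or proxy.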