Honeypot & its Types

A honeypot is a security mechanism that records all actions, transactions and interactions with users. Honeypots are used to track attackers and defend against attacks.

Based on deployment type, honeypots are classified into:

  • Production honeypots – Easy to use, but they capture only limited information. They are placed inside production networks to improve security.
  • Research honeypots – Work better at gathering information about attackers. They research the threats the organization faces and try to prevent them. These are complex to deploy and maintain.

Based on design criteria, honeypots are classified into:

  • Pure honeypots – Activities are monitored using the honeypot's installed link to the network.
  • High interaction – Multiple honeypots in a single system. More secure, difficult to detect, expensive to maintain.
  • Low interaction – Simulate the services that attackers target.

Sniffing ?

Types of Sniffing Attacks:

There are various types of sniffing attacks:

  • LAN sniff – The sniffer attacks the internal LAN and scans the entire IP range, gaining access to live hosts, open ports, server inventory, etc. Port-specific vulnerability attacks happen in LAN sniffing.
  • Protocol sniff – The sniffing attack is based on the network protocol used. Different protocols such as ICMP, UDP, Telnet, PPP, DNS or others might be used.
  • ARP sniff – ARP poisoning or packet spoofing attacks occur based on the data captured to create a map of IP addresses and associated MAC addresses.
  • TCP session stealing – TCP session stealing is used to monitor and acquire traffic details between the source and destination IP addresses. All details such as port number, service type, TCP sequence numbers and data are stolen by the hackers.
  • Application-level sniffing – Applications running on the server are attacked to plan an application-specific attack.
  • Web password sniffing – HTTP sessions created by users are stolen by sniffers to get the user ID, password and other sensitive information.
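From the defender's side, the IP-to-MAC map mentioned under ARP sniff is also what exposes poisoning: a monitor builds the same map from observed ARP frames and flags any IP whose MAC changes. The sketch below is an added example, not part of the original post; the function names, the sample frames, the 192.0.2.x addresses and the MAC addresses are all constructed for illustration.

```python
import struct

ETH_ARP = 0x0806  # EtherType for ARP

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), _ip(frame[28:32])

def detect_rebinding(frames):
    """Build the IP->MAC map from ARP traffic; report each frame that contradicts it."""
    table, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, smac, sip = parsed
        if sip == "0.0.0.0":  # ARP probe: announces no binding
            continue
        known = table.setdefault(sip, smac)  # first-seen binding is kept as baseline
        if known != smac:
            alerts.append((n, sip, known, smac))
    return alerts

def build_arp(op, smac, sip, tmac, tip):
    """Pack one Ethernet+ARP frame (used only to construct the sample input)."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    ipb = lambda a: bytes(int(p) for p in a.split("."))
    eth = hx("ff:ff:ff:ff:ff:ff" if op == 1 else tmac) + hx(smac) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + hx(smac) + ipb(sip) + hx(tmac) + ipb(tip)
    return eth + arp

# Constructed sample capture (documentation IPs, locally administered MACs).
SAMPLE = [
    build_arp(1, "02:00:00:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    b"\x00" * 12 + b"\x08\x00" + b"\x00" * 46,  # non-ARP frame, ignored
]

if __name__ == "__main__":
    for n, ip, old, new in detect_rebinding(SAMPLE):
        print(f"frame {n}: {ip} moved from {old} to {new}")
```

A changed binding is a signal to investigate, not proof of poisoning: a replaced network card or a reassigned address produces the same alert.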

Tools used for Packet Sniffing:

Let's look at the sniffing tools currently in wide use in the industry:

  • Wireshark – Widely used network protocol analyzer to monitor the network and its packet flows. It is free and works on multiple platforms.
  • Tcpdump – It has less security risk and requires few resources. On Windows it runs as WinDump.
  • Dsniff – Used to sniff different protocols and reveal passwords, on UNIX and Linux systems only.
  • NetworkMiner – Makes network analysis simple, detecting hosts and open ports through packet sniffing. It can operate offline.
  • Kismet – Specifically used to sniff wireless networks, even hidden networks and SSIDs. KisMAC is used for Mac and OS X environments.

There are various other packet sniffing tools such as EtherApe, Fiddler, OmniPeek, PRTG Network Monitor and so on.
