
Network Devices

Network devices separate, connect, or expand networks: repeaters, hubs, bridges, switches, routers and gateways. Because every packet passes through them, a misconfigured or compromised network device exposes everything that crosses it, which is why so much information disclosure happens at the network level.

Profiling

Profiling is the reconnaissance step: detecting and identifying the devices on a network (addresses, hostnames, vendor and role) before any of them is attacked.

Dig

Dig performs DNS lookups against a name server and prints the answer exactly as returned. It is used to gather a target's domain names and the hosts behind them: name servers, mail exchangers, and whatever other records the zone exposes.

Traceroute

Traceroute shows the routers between you and a destination host. It sends a series of probes, setting the TTL (Time To Live) of the first to 1 and raising it by one for each further hop to be discovered. Every router that forwards a packet decrements its TTL by 1; when the TTL reaches zero the router drops the packet and reports this to the source with an ICMP Time Exceeded error, and the source address of that error is the router's own address, which is what traceroute prints for that hop. Once the TTL is large enough for a probe to reach the destination, the destination answers instead (an ICMP Port Unreachable for the UDP probes the classic Unix traceroute sends), which ends the trace. Routers that filter ICMP show up as "* * *".
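The exchange described above, as an added example that is not code from the original page or from any traceroute implementation: an in-memory chain of routers (constructed, using RFC 5737 documentation addresses) decrements the TTL of each probe, answers with ICMP Time Exceeded when it hits zero, and the probing loop raises the TTL until the destination itself replies. The middle router is set to filter ICMP so the "* * *" case is shown too.

```python
"""Model of the TTL probing that traceroute performs.

Added example, not code from the original page or from any traceroute
implementation.  The network below is a constructed, in-memory chain of
routers using RFC 5737 documentation addresses; no packets leave this
process.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ICMP message types traceroute relies on (RFC 792).
ICMP_TIME_EXCEEDED = 11   # a router dropped the probe because its TTL hit zero
ICMP_DEST_UNREACH = 3     # classic UDP traceroute: the target answers "port unreachable"


@dataclass
class Hop:
    addr: str
    filters_icmp: bool = False   # some routers silently drop instead of answering


def forward(path: List[Hop], dst: str, ttl: int) -> Optional[Tuple[str, int]]:
    """Carry one probe along the path the way routers would.

    Every router decrements the TTL before forwarding.  When it reaches
    zero the router discards the probe and, unless it filters ICMP, sends
    Time Exceeded back from its own address; that address is what
    traceroute prints for the hop.  Returns (replying address, ICMP type),
    or None if nobody answered.
    """
    for hop in path:
        ttl -= 1
        if ttl == 0:
            return None if hop.filters_icmp else (hop.addr, ICMP_TIME_EXCEEDED)
    # Every router was crossed with TTL left over: the destination host
    # receives the probe and answers it.
    return (dst, ICMP_DEST_UNREACH)


def traceroute(path: List[Hop], dst: str, max_hops: int = 30) -> List[Optional[str]]:
    """Send probes with TTL 1, 2, 3, ... until the destination itself replies."""
    hops: List[Optional[str]] = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, dst, ttl)
        if reply is None:
            hops.append(None)          # shown as "* * *" by the real tool
            continue
        addr, icmp_type = reply
        hops.append(addr)
        if icmp_type == ICMP_DEST_UNREACH:
            break                      # reached the target; stop probing
    return hops


# Constructed path: three routers, the middle one filtering ICMP.
CONSTRUCTED_PATH = [
    Hop("192.0.2.1"),
    Hop("198.51.100.7", filters_icmp=True),
    Hop("203.0.113.9"),
]
DESTINATION = "203.0.113.50"


if __name__ == "__main__":
    for n, addr in enumerate(traceroute(CONSTRUCTED_PATH, DESTINATION), start=1):
        print(f"{n:2d}  {addr if addr else '* * *'}")
```

The trace stops as soon as the destination answers; if the hop limit is reached first, the real tool gives up the same way the max_hops argument does here.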

Profiling Countermeasures

  • Be wary of what you say and where you say it: DNS records, job postings, mailing-list questions and support requests all leak device types, addresses and topology.
  • Only run an application in a production environment if you understand what it discloses and know the steps to restrict that disclosure (service banners and DNS zone transfers, for example).
  • Use common sense. Allow extra time to verify configurations, double-check your intentions and document any changes.

Service Detection

Service detection finds out which services (open ports and the daemons behind them) are running on the devices of a network.

Nmap

With nmap an attacker finds out which TCP and UDP ports a router is listening on. The combination of open services, and the banners or protocol fingerprints those services return, also helps determine what make and model of router the victim is running.
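What a port scanner does at the simplest level, as an added example that is neither nmap's code nor part of the original page: complete a TCP handshake to each port, read whatever the service volunteers, and match the banner against a few rules. To keep it runnable offline, the listeners are started in the same process on 127.0.0.1 with constructed banners standing in for what a router's SSH or telnet daemon would print, and the service-guessing rules are hypothetical.

```python
"""TCP connect scan with banner grabbing, run against listeners started
in this same process on 127.0.0.1.

Added example; it is not nmap's code and not part of the original page.
The banners are constructed stand-ins for what a router's SSH or telnet
daemon would print, and the service guesses are hypothetical rules.
"""
import socket
import threading
from typing import Dict, Iterable, Optional

# Constructed banners.  Many daemons speak first, which is what lets a
# scanner name the service (and often the vendor) without any exploit.
FAKE_BANNERS = {
    "ssh": b"SSH-2.0-dropbear_2019.78\r\n",
    "telnet": b"\r\nUser Access Verification\r\nPassword: ",
}


def start_fake_service(banner: bytes) -> int:
    """Listen on a free loopback port, send `banner` to each client. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS choose a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port() -> int:
    """Reserve a loopback port and release it, so it is (almost certainly) closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_port(host: str, port: int, timeout: float = 1.0) -> Optional[bytes]:
    """Full three-way handshake, then read whatever the service volunteers.

    Returns None for a closed/unreachable port, b"" for an open but silent
    port (one that needs an active probe), otherwise the first banner bytes.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)
            except socket.timeout:
                return b""
    except OSError:                      # ECONNREFUSED, timeout, no route ...
        return None


def guess_service(banner: bytes) -> str:
    """Hypothetical banner rules; real scanners ship thousands of these."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if b"Password:" in banner or b"login:" in banner:
        return "telnet"
    return "unknown"


def scan(host: str, ports: Iterable[int]) -> Dict[int, str]:
    """Map each open port to the service guessed from its banner."""
    found: Dict[int, str] = {}
    for port in ports:
        banner = probe_port(host, port)
        if banner is not None:
            found[port] = guess_service(banner)
    return found


if __name__ == "__main__":
    ssh_port = start_fake_service(FAKE_BANNERS["ssh"])
    telnet_port = start_fake_service(FAKE_BANNERS["telnet"])
    closed = free_closed_port()
    print(scan("127.0.0.1", [ssh_port, telnet_port, closed]))
```

A connect scan like this completes the handshake and is therefore logged by the target; nmap's default SYN scan stops after the SYN/ACK, which needs raw sockets and is quieter. The banner text is the same thing a defender can remove or neutralise to make the router harder to identify.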

Preventing Service Detection

The best policy is to deny all unwanted traffic at the network level: filter at the border so that only the ports a device must expose are reachable, restrict management services such as telnet, SSH, SNMP and HTTP to administrative addresses, and disable services that are not in use so there is nothing for a scan to find.

[Dr A.: Don't ever use a single bullet element. If it is a list, add the rest of the elements. If it isn't a list, put it in a paragraph.]

Network Vulnerabilities

Physical Layer

The easiest targets for Layer 1 attacks are copper circuits such as T1 leased lines (the same holds for twisted-pair Ethernet); the hardest is fiber, which is far more difficult to tap without being noticed. An attacker with physical access to the wire can insert a man-in-the-middle device (a low-end router or a transparent bridge) inline and capture every connection crossing that link.

Data Link Layer

At this layer the electrical signals of the physical layer are framed and carry MAC addresses. A switch works by building a table of Media Access Control (MAC) addresses per port and forwarding each frame only to the port of its intended destination, so other hosts on the switch normally never see it. That does not make switched media immune to sniffing. dsniff by Dug Song ships with arpspoof, which sends forged ARP replies so that a target host (or the gateway) sends its traffic to the sniffing system, which forwards it on while dsniff itself pulls cleartext and weakly protected passwords out of the redirected stream. It is very easy to set up.

Network Layer

The network layer of the OSI model is responsible for packet delivery. TCP session handling is discussed here as well, although TCP is strictly a transport-layer (Layer 4) protocol. Every TCP session begins with a SYN packet carrying an initial sequence number (ISN), which should be unpredictable. From then on the sequence number advances by the number of data bytes sent (SYN and FIN each count as one byte), so a peer who knows the current value can produce packets the receiver will accept. If the ISN can be guessed, an attacker who never sees the server's replies can still inject spoofed packets into a session, leading to data compromise, denial of service, or session hijacking.
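The sequence-number attack in concrete terms, as an added example that is not part of the original page: two ISN generators are modelled in memory, a weak one that advances by a constant step per connection (the pattern of early BSD stacks) and one drawn from os.urandom. The attacker opens a few connections of their own, reads the ISNs, and then predicts the ISN the target will hand a connection whose source address is spoofed. The seed, step and probe count are constructed values; nothing touches the network. A small helper also shows how the sequence number advances during a session.

```python
"""Why a guessable TCP initial sequence number (ISN) is dangerous.

Added example, not from the original page.  Two ISN generators are
modelled in memory: a weak one that advances by a fixed step per
connection (the pattern of early BSD stacks) and one drawn from
os.urandom.  The attacker opens a few connections, reads the ISNs, and
tries to predict the ISN the target will hand a connection whose source
address is spoofed.  All parameters are constructed; nothing touches the
network.
"""
import os
from typing import List, Optional, Protocol, Tuple

MASK32 = 0xFFFFFFFF          # TCP sequence numbers are 32-bit and wrap


class IsnGenerator(Protocol):
    def next_isn(self) -> int: ...


class WeakIsnGenerator:
    """Constructed weak scheme: each new connection gets previous ISN + step."""

    def __init__(self, seed: int = 0x12345678, step: int = 64000) -> None:
        self.isn = seed
        self.step = step

    def next_isn(self) -> int:
        self.isn = (self.isn + self.step) & MASK32
        return self.isn


class RandomIsnGenerator:
    """ISN from a CSPRNG: 2^32 possibilities, no relation between connections."""

    def next_isn(self) -> int:
        return int.from_bytes(os.urandom(4), "big")


def predict_next(samples: List[int]) -> Optional[int]:
    """If sampled ISNs advance by a constant, return the predicted next ISN.

    Returns None when no constant step is visible; the attacker is then
    left guessing among 2^32 values for every blind packet.
    """
    deltas = [(b - a) & MASK32 for a, b in zip(samples, samples[1:])]
    if len(deltas) >= 2 and all(d == deltas[0] for d in deltas):
        return (samples[-1] + deltas[0]) & MASK32
    return None


def blind_spoof_attempt(gen: IsnGenerator, probes: int = 3) -> Tuple[Optional[int], int, bool]:
    """Attacker samples `probes` ISNs, then a spoofed SYN elicits one more.

    The attacker never sees that SYN/ACK (it goes to the spoofed address),
    so the final ACK must carry a guessed ISN + 1.  Returns
    (guess, real ISN, whether the blind handshake would complete).
    """
    samples = [gen.next_isn() for _ in range(probes)]    # attacker's own connections
    guess = predict_next(samples)
    real = gen.next_isn()                                 # ISN sent to the spoofed victim
    return guess, real, guess == real


def seq_after(seq: int, payload_len: int, syn: bool = False, fin: bool = False) -> int:
    """Sequence space advances by bytes of data, plus one each for SYN and
    FIN, not by one per packet."""
    return (seq + payload_len + int(syn) + int(fin)) & MASK32


if __name__ == "__main__":
    print("weak  :", blind_spoof_attempt(WeakIsnGenerator()))
    print("random:", blind_spoof_attempt(RandomIsnGenerator()))
```

Against the weak generator three samples are enough to land the guess exactly; against the random one the same attacker has no pattern to extrapolate. Real stacks add further variation (per-connection hashing of the addresses and ports), but the lesson is the same: the strength of the session rests on the ISN being unguessable.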

Counter Measures

Pinning MAC addresses manually, as static ARP entries on hosts and static MAC-to-port bindings (port security) on each switch, is the safest ARP redirect countermeasure, because a forged ARP reply can no longer overwrite the mapping for the default gateway. On Windows the equivalent is a static ARP entry for the default gateway (arp -s). It does not scale well and must be maintained by hand whenever hardware changes, so it is not a complete answer on its own. Encrypt all your traffic end to end (SSH, TLS, VPN) so that whatever is redirected through an attacker's box is unreadable to them.
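The redirection from the Data Link Layer section and the static-entry countermeasure above, together as one added example that is not from the original page and not the code of dsniff or arpwatch: ARP reply frames are built in memory exactly as a spoofer would send them (Ethernet II plus the RFC 826 layout), then fed to a watcher that holds a pinned entry for the gateway and only learns everything else. The addresses are RFC 5737 documentation addresses and the MACs are made up.

```python
"""Detecting ARP redirection (what arpspoof from the dsniff suite does) by
checking ARP replies against a pinned IP-to-MAC table.

Added example, not from the original page and not the code of dsniff or
arpwatch.  The frames are constructed in memory with RFC 5737 addresses
and made-up MACs; parsing follows the Ethernet II and RFC 826 layouts.
"""
import struct
from typing import Dict, List, Optional

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP reply: 14-byte header + 28-byte ARP body.

    A spoofer sends exactly this, with sender_ip = the gateway and
    sender_mac = its own card, so the victim rewrites its ARP cache.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet, IPv4, lengths, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sha": fmt_mac(frame[22:28]), "spa": fmt_ip(frame[28:32]),
        "tha": fmt_mac(frame[32:38]), "tpa": fmt_ip(frame[38:42]),
    }


class ArpWatcher:
    """Alerts when an ARP reply contradicts a pinned (static) entry, and when
    a learned mapping changes.  Pinned entries play the role of the static
    ARP entries recommended as a countermeasure."""

    def __init__(self, static: Dict[str, str]) -> None:
        self.static = {ip: mac.lower() for ip, mac in static.items()}
        self.learned: Dict[str, str] = {}
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            return None
        ip, mac = str(pkt["spa"]), str(pkt["sha"])
        if ip in self.static:
            if self.static[ip] == mac:
                return None
            alert = f"spoof: reply says {ip} is at {mac}, static entry says {self.static[ip]}"
        else:
            known = self.learned.setdefault(ip, mac)
            if known == mac:
                return None          # first sighting or consistent: learning trusts it
            alert = f"change: {ip} moved from {known} to {mac}"
            self.learned[ip] = mac
        self.alerts.append(alert)
        return alert


# Constructed hosts: the gateway is pinned, the victim is only learned.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.0.2.10", "aa:bb:cc:dd:ee:01"
ATTACKER_MAC = "66:77:88:99:aa:bb"

CAPTURE = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # genuine
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # arpspoof -> victim
    build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # arpspoof -> gateway
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),    # genuine, arrives later
]


def run_capture() -> List[str]:
    """Feed the constructed capture through a watcher that pins only the gateway."""
    watcher = ArpWatcher({GATEWAY_IP: GATEWAY_MAC})
    for frame in CAPTURE:
        watcher.observe(frame)
    return watcher.alerts


if __name__ == "__main__":
    for line in run_capture():
        print(line)
```

The pinned gateway entry catches the forged reply at once. The victim's address, which is only learned, shows the weakness of learning: the attacker's claim arrives first and is accepted, and the genuine reply is what gets flagged as a "change". That is the case for static entries on the hosts and switch ports that matter most, and for encrypting the traffic regardless.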

Questions

  • What type of medium is the easiest target for Layer 1 hacking?
  • What program can be used to expose any cleartext or weak passwords?
  • What is the safest way to counter ARP redirects?
  • Does this method always work?
  • What program can be used to bypass ssl encryption?

Answers

  • T1 links (Ethernet)
  • dsniff
  • Manually entering MAC addresses into each switch
  • No
  • sslstrip

HackingExposedChapter07 (last edited 2010-04-26 13:02:03 by c-68-53-233-3)