Differences between revisions 3 and 4
Revision 3 as of 2010-03-03 16:46:31
Size: 3175
Editor: fl-71-55-249-138
Comment:
Revision 4 as of 2010-03-08 16:38:59
Size: 3213
Editor: host-216-249-123-232
Comment:

= Network Devices =

Network devices separate, connect, or expand networks, e.g. repeaters, hubs, bridges, routers, switches and gateways. It is at the network level that the most potential information breaches occur.

== Profiling ==

Profiling is used to detect and identify the devices on a network.

=== Dig ===

Dig is used to gather information about a target's domain names by performing DNS lookups and displaying the answers returned by the name servers that were queried.

=== Traceroute ===

Traceroute is used to view the routers between yourself and a destination host. It sends out several packets to the destination, setting the first packet's TTL (Time To Live) to 1 and increasing it by one for each further hop it wants to discover. Each router the packet traverses decreases its TTL by 1; if the TTL ever hits zero, the router drops the packet and sends a notification back to the originating host in the form of an ICMP error packet.
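The TTL mechanism just described, as an added simulation (not code from the page or from any traceroute implementation): a constructed path of routers using RFC 5737 documentation addresses, where each router decrements the TTL and, when it hits zero, answers with its own address. One router is modelled as suppressing ICMP errors, which is how a hop that filters ICMP Time Exceeded shows up to the person tracing.

```python
"""Simulation of the TTL mechanism traceroute relies on. Added example; the
path below is constructed, not a real network. It shows why the probe with
TTL=n reveals the n-th hop, and what a router that never sends ICMP errors
looks like from the tracing host (a silent "*").
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Router:
    address: str
    sends_icmp_errors: bool = True   # False models a router that filters/rate-limits ICMP

@dataclass
class Probe:
    ttl: int
    dst: str

def forward(probe: Probe, path: List[Router], dst: str) -> Tuple[Optional[str], bool]:
    """Walk one probe along the path.

    Returns (address that replied or None, reached_destination). Each router
    decrements the TTL; at zero it drops the packet and, normally, sends an
    ICMP Time Exceeded whose source address identifies that router.
    """
    for router in path:
        probe.ttl -= 1
        if probe.ttl == 0:
            return (router.address if router.sends_icmp_errors else None), False
    # Survived every router: the destination itself answers (ICMP Port Unreachable
    # for UDP probes, Echo Reply for ICMP probes), so we know we have arrived.
    return dst, True

def traceroute(path: List[Router], dst: str, max_hops: int = 30) -> List[Tuple[int, str]]:
    """Send probes with TTL 1, 2, 3, ... until the destination replies or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, done = forward(Probe(ttl=ttl, dst=dst), path, dst)
        hops.append((ttl, responder if responder is not None else "*"))
        if done:
            break
    return hops

# Constructed example path: three routers, the middle one drops ICMP errors.
EXAMPLE_PATH = [
    Router("192.0.2.1"),
    Router("198.51.100.1", sends_icmp_errors=False),
    Router("203.0.113.1"),
]
EXAMPLE_DST = "203.0.113.80"

if __name__ == "__main__":
    for ttl, who in traceroute(EXAMPLE_PATH, EXAMPLE_DST):
        print(f"{ttl:2d}  {who}")
```

The silent second hop illustrates the limit of filtering ICMP as a countermeasure: the router is hidden, but its position in the path is still evident from the gap, and the hops beyond it are still discovered.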

=== Profiling Countermeasures ===

• Be wary of what you say and where you say it.
• Only run applications in a production environment if you are comfortable with them and know the steps to restrict information disclosure.
• Use common sense. Allow extra time to verify configurations. Double-check your intentions and document any changes.

== Service Detection ==

Detecting the services that are running on a network.

=== Nmap ===

Using nmap, an attacker can find out which ports a router is listening on; the results can also help to determine what type of router the victim is running.

=== Preventing Service Detection ===

• The best policy is to deny all unwanted traffic at the network level.

== Network Vulnerabilities ==

=== Physical Layer ===

The easiest target for Layer 1 hacking is T1 links (Ethernet); the hardest is fiber. An attacker could set up a man-in-the-middle device (a low-end router) and capture all outside connections.

=== Data Link Layer ===

This is the layer where the electrical impulses from the physical layer have MAC addresses associated with them. Switching technology works by building up a large table of Media Access Control (MAC) addresses and sending each packet only to its intended destination, so it is almost never seen by anyone else. It is nevertheless possible to capture packets on switched media. For example, dsniff by Dug Song can capture traffic on switched media by redirecting all the traffic from a specified host through the sniffing system, and it is very easy to set up.

=== Network Layer ===

The network layer of the OSI model is responsible for packet delivery. At the start of every TCP session a SYN packet is sent. The first SYN packet contains an initial random number called the sequence number. Every packet in the TCP session follows in "sequence," increasing by one each time. If the sequence number can be guessed, spoofed packets can easily be injected, leading to a data compromise, denial of service, or session hijacking.

=== Countermeasures ===

Manually entering MAC addresses into each switch is the safest ARP redirect countermeasure. On Windows you can set static default gateways. Encrypt all your traffic!!
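Both the Data Link Layer and Network Layer weaknesses above can be watched for passively. The following is an added example (not code from the page, and not dsniff's): an arpwatch-style check that remembers which MAC each IP was first seen with and flags a later change (the visible symptom of an ARP redirect, and the same data a statically pinned MAC table protects), plus an audit of a server's TCP initial sequence numbers that flags a constant increment between connections (the symptom of a guessable sequence number). All ARP replies and ISN samples below are constructed; the MAC addresses are from the IANA documentation range.

```python
"""Passive checks for ARP redirects and predictable TCP ISNs. Added example,
all input constructed: ARP_REPLIES models a gateway whose MAC binding changes,
WEAK_ISNS a server stepping its ISN by a fixed 64000 per connection, and
STRONG_ISNS a server with random-looking ISNs.
"""
from collections import Counter
from typing import Dict, List, Optional

class ArpWatch:
    """Remember the MAC first seen for each IP and report any later change."""
    def __init__(self, pinned: Optional[Dict[str, str]] = None):
        # pinned = statically configured bindings (the page's static-MAC countermeasure)
        self.table: Dict[str, str] = dict(pinned or {})

    def observe(self, ip: str, mac: str) -> Optional[str]:
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac          # first sighting: learn it
            return None
        if known.lower() != mac.lower():
            return f"ARP binding change: {ip} was {known}, now claimed by {mac}"
        return None

def audit_isns(isns: List[int], min_samples: int = 4) -> str:
    """Classify a series of ISNs observed from one server over several connections.

    A fixed step between consecutive ISNs (the classic 64k-per-connection scheme)
    means the next value is trivially predictable. Differences are taken modulo
    2**32 so a wrap of the 32-bit sequence space does not hide a constant step.
    """
    if len(isns) < min_samples:
        return "insufficient samples"
    deltas = [(b - a) % 2**32 for a, b in zip(isns, isns[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    if count == len(deltas):
        return f"predictable: constant increment {step}"
    if count > len(deltas) // 2:
        return f"weak: increment {step} recurs in {count}/{len(deltas)} samples"
    return "no constant increment observed"

# Constructed ARP replies (ip, mac): the gateway 192.0.2.1 is later claimed by a second MAC.
ARP_REPLIES = [
    ("192.0.2.1", "00:00:5e:00:53:01"),
    ("192.0.2.10", "00:00:5e:00:53:0a"),
    ("192.0.2.1", "00:00:5e:00:53:01"),
    ("192.0.2.1", "00:00:5e:00:53:ff"),   # the redirect
]

# Constructed ISN samples from two different servers.
WEAK_ISNS = [1000, 65000, 129000, 193000, 257000]
STRONG_ISNS = [0x9F3A11C2, 0x14D8E07B, 0xC3021A9E, 0x5B7F4D10, 0xE21C9A33]

def run_demo() -> List[str]:
    """Run both checks over the constructed input and return the findings."""
    watch = ArpWatch()
    alerts = [a for a in (watch.observe(ip, mac) for ip, mac in ARP_REPLIES) if a]
    alerts.append("weak server: " + audit_isns(WEAK_ISNS))
    alerts.append("strong server: " + audit_isns(STRONG_ISNS))
    return alerts

if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Seeding ArpWatch with pinned bindings mirrors the static-MAC countermeasure: an entry that is configured rather than learned is never silently overwritten, so the first conflicting reply is reported instead of accepted.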

HackingExposedChapter07 (last edited 2010-04-26 13:02:03 by c-68-53-233-3)