
Network Devices

Network devices separate, connect, or expand networks, e.g. repeaters, hubs, bridges, routers, switches and gateways. It is at the network level that most potential information breaches occur.

Profiling

Profiling is used to detect and identify the devices on a network.

Dig

Dig is used to gather information about a target's domain names by performing DNS lookups and displaying the answers that are returned from the name servers that were queried.

Traceroute

Traceroute is used to view the routers between yourself and a destination host. It sends several packets toward the destination, setting the first packet's TTL (Time To Live) to 1 and increasing it for each hop to be discovered. Each router a packet traverses decreases its TTL by 1. When the TTL reaches zero, the packet is dropped and a notification is sent back to the originating source host in the form of an ICMP error packet.

Profiling Countermeasures

Service Detection

Detecting the services that are running on a network.

Nmap

Using nmap, an attacker can find out which ports a router is listening on; the results can also help determine what type of router the victim is running.

Preventing Service Detection

[Dr A.: Don't ever use a single bullet element. If it is a list, add the rest of the elements. If it isn't a list, put it in a paragraph.]

Network Vulnerabilities

Physical Layer

The easiest targets for Layer 1 hacking are T1 links (Ethernet), the hardest being fiber. An attacker could set up a man-in-the-middle device (a low-end router) and capture all outside connections.

The data link layer is where the electrical impulses from the physical layer have MAC addresses associated with them. Switching technology works by building up a large table of Media Access Control (MAC) addresses and sending packets only to their intended destination, so the traffic is almost never seen by anyone else. It is nevertheless possible to capture packets on switched media. For example, dsniff by Dug Song can capture traffic on switched media by redirecting all the traffic from a specified host through the sniffing system, and it is very easy to set up.

Network Layer

The network layer of the OSI model is responsible for packet delivery. At the start of every TCP session a SYN packet is sent. The first SYN packet contains an initial random number called a sequence number. Every packet in the TCP session follows in "sequence," increasing by one each time. If the sequence number can be guessed, spoofed packets can easily be injected, leading to a data compromise, denial of service, or session hijacking.

Counter Measures

Manually entering MAC addresses into each switch is the safest ARP Redirect countermeasure. On Windows you can set static default gateways. Encrypt all your traffic!!
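
Where static entries cannot be set on every device, the same idea can be applied as a monitoring check. The following is an added example, not part of the original notes: it parses raw ARP frames and flags any sender whose IP-to-MAC binding contradicts a pinned entry or an earlier sighting. The function names, the pinned table and all addresses are constructed for illustration.

```python
import struct

# Pinned IP -> MAC bindings (constructed values): the analogue of static entries.
PINNED = {"192.0.2.1": "00:11:22:33:44:55"}

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # too short or not ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):      # Ethernet + IPv4 only
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return op, mac, ip

def check_frames(frames, pinned=PINNED):
    """Flag ARP senders whose IP->MAC binding contradicts a pinned or earlier-seen one."""
    learned, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        expected = pinned.get(ip, learned.get(ip))
        if expected is None:
            learned[ip] = mac                                # first sighting: learn it
        elif expected != mac:
            kind = "pinned-mismatch" if ip in pinned else "binding-changed"
            alerts.append((index, kind, ip, expected, mac))
    return alerts

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP frame (sample input only; nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    header = mac(target_mac) + mac(sender_mac) + b"\x08\x06"
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + body + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

HOST = ("02:00:00:00:00:10", "192.0.2.10")
SAMPLE = [
    build_arp(2, "00:11:22:33:44:55", "192.0.2.1", *HOST),    # gateway, matches pin
    build_arp(1, "02:00:00:00:00:20", "192.0.2.20", *HOST),   # new host, learned
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", *HOST),    # gateway IP, wrong MAC
    build_arp(2, "02:00:00:00:00:66", "192.0.2.20", *HOST),   # learned IP moved
    b"\x00" * 60,                                             # non-ARP frame, ignored
]
```

Calling check_frames(SAMPLE) returns one alert for the pinned gateway address and one for the learned host whose MAC changed; the first two frames and the non-ARP frame produce none.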

Questions

Answers

HackingExposedChapter07 (last edited 2010-04-26 13:02:03 by c-68-53-233-3)