Back to Cptr427Winter2010

= Network Devices =
Network devices separate, connect, or expand networks, e.g. repeaters, hubs, bridges, routers, switches and gateways. Most of the potential for information breaches lies at the network level, because every host's traffic has to pass through these devices.

== Profiling ==
Profiling is used to detect and identify the devices on a network.

=== Dig ===
Dig gathers information about a target's domain names by performing DNS lookups (for example NS, MX and TXT records, or an attempted zone transfer) and displaying the answers returned by the name servers it queried.

=== Traceroute ===
Traceroute shows the routers between you and a destination host. It sends a series of probe packets toward the destination, setting the TTL (Time To Live) of the first probe to 1 and incrementing it by one for each further hop to be discovered. Every router that forwards a packet decrements its TTL by 1; if the TTL reaches zero the router drops the packet and sends an ICMP Time Exceeded error back to the originating host. The source address of each such error packet identifies one router on the path, and a reply from the destination itself (ICMP Port Unreachable for the UDP probes most traceroute implementations send) ends the trace.

=== Profiling Countermeasures ===
 * Be wary of what you say and where you say it: DNS records, service banners and public postings all feed a profiler.
 * Only run an application in a production environment if you are comfortable with it and know the steps needed to restrict the information it discloses.
 * Use common sense. Allow extra time to verify configurations, double-check your intentions and document any changes.

== Service Detection ==
Service detection means finding out which services are listening on the hosts and devices of a network.

=== Nmap ===
With nmap an attacker can find out which ports a router is listening on, and the way the router answers the probes also helps determine what type of router the victim is running.

=== Preventing Service Detection ===
The best policy is to deny all unwanted traffic at the network level.

[Dr A.: Don't ever use a single bullet element. If it is a list, add the rest of the elements. If it isn't a list, put it in a paragraph.]

== Network Vulnerabilities ==
=== Physical Layer ===
The easiest targets for Layer 1 attacks are copper links (T1 lines and Ethernet), which can be tapped or spliced; the hardest is fibre.
An attacker could set up a man-in-the-middle device (a low-end router) on such a link and capture all outside connections.

=== Data Link Layer ===
This is the layer where the electrical signals of the physical layer get MAC addresses associated with them. A switch works by building up a table of Media Access Control (MAC) addresses and the port each one was seen on, and forwards each frame only to the port of its intended destination, so other hosts on the segment normally never see it. Packet capture on switched media is nevertheless possible. For example, dsniff by Dug Song can capture traffic on a switched network by redirecting all the traffic from a specified host through the sniffing system (its arpspoof tool sends forged ARP replies so that the victim sends the packets meant for its gateway to the sniffer instead), and it is very easy to set up.

=== Network Layer ===
The network layer of the OSI model is responsible for packet delivery. Every TCP session starts with a SYN packet that carries an initial sequence number (ISN), which should be unpredictable; each subsequent segment's sequence number advances by the number of bytes it carries (the SYN and FIN flags each count as one). If the sequence number can be guessed, spoofed packets can easily be injected into a session even by an attacker who cannot see the traffic, leading to a data compromise, denial of service, or session hijacking.

=== Counter Measures ===
Manually pinning MAC addresses, on each switch (port security) and as static ARP entries on the hosts, is the safest ARP-redirect countermeasure, but it does not scale and does not always work. On Windows you can pin the default gateway's MAC address with a static ARP entry (arp -s). Encrypt all your traffic!

=== Questions ===
 * What type of medium is the easiest target for Layer 1 hacking?
 * What program can be used to expose any cleartext or weak passwords?
 * What is the safest way to counter ARP redirects?
 * Does this method always work?
 * What program can be used to bypass SSL encryption by downgrading HTTPS sessions to plain HTTP?

=== Answers ===
 * Copper links (T1 lines and Ethernet)
 * dsniff
 * Manually entering MAC addresses into each switch
 * No
 * sslstrip
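The Traceroute section above describes the TTL mechanism in prose; the following added example (written for this page, not part of the original notes or of any traceroute implementation) builds the probe and the router's ICMP Time Exceeded reply as raw bytes, decodes the reply the way traceroute must, and runs the whole exchange offline over a constructed three-router path. All addresses, the base port 33434 and the helper names are assumptions; real traceroute needs a raw socket and root, which this deliberately avoids.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11          # ICMP type; code 0 = TTL exceeded in transit
PROTO_ICMP, PROTO_UDP = 1, 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int) -> bytes:
    """Minimal IPv4 header (no options) in front of payload, with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload


def build_udp_probe(sport: int, dport: int) -> bytes:
    """Empty UDP datagram, as traceroute sends; checksum 0 is allowed for UDP over IPv4."""
    return struct.pack("!HHHH", sport, dport, 8, 0)


def build_time_exceeded(router_ip: str, probe_src: str, dropped_packet: bytes) -> bytes:
    """What a router sends back when it decrements a probe's TTL to zero: an ICMP
    Time Exceeded that quotes the dropped packet's IP header plus its first 8 bytes."""
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + dropped_packet[:28]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return build_ipv4(router_ip, probe_src, PROTO_ICMP, icmp, ttl=64)


def parse_time_exceeded(packet: bytes):
    """Decode a Time Exceeded reply.  Returns (router_ip, original_dst, original_dport)
    or None if the packet is not a well-formed Time Exceeded.  The quoted UDP
    destination port is what traceroute uses to match a reply to the probe it sent."""
    if len(packet) < 20 or packet[9] != PROTO_ICMP:
        return None
    ihl = (packet[0] & 0x0F) * 4
    router_ip = socket.inet_ntoa(packet[12:16])          # the hop that answered
    icmp = packet[ihl:]
    if len(icmp) < 8 + 28 or icmp[0] != ICMP_TIME_EXCEEDED or icmp[1] != 0:
        return None
    if inet_checksum(icmp) != 0:                         # a valid checksum verifies to zero
        return None
    inner = icmp[8:]                                     # quoted header of our own probe
    inner_ihl = (inner[0] & 0x0F) * 4
    original_dst = socket.inet_ntoa(inner[16:20])
    _sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return router_ip, original_dst, dport


def simulate_traceroute(src: str, routers: list, dst: str, base_port: int = 33434) -> list:
    """Model the exchange offline: one probe per TTL, each router on the constructed
    path decrements the TTL, and the router that takes it to zero answers with
    Time Exceeded.  Returns the hop list as traceroute would print it."""
    hops = []
    for ttl in range(1, len(routers) + 2):
        dport = base_port + ttl - 1                      # traceroute bumps the port per probe
        probe = build_ipv4(src, dst, PROTO_UDP, build_udp_probe(40000, dport), ttl)
        remaining = ttl
        for router in routers:
            remaining -= 1                               # each hop decrements TTL
            if remaining == 0:
                reply = build_time_exceeded(router, src, probe)
                router_ip, _, answered_port = parse_time_exceeded(reply)
                assert answered_port == dport            # reply matched to this probe
                hops.append(router_ip)
                break
        else:
            hops.append(dst)                             # probe survived the path: destination reached
            break
    return hops


if __name__ == "__main__":
    path = ["10.0.0.1", "192.0.2.1", "198.51.100.1"]    # constructed example path
    print(simulate_traceroute("10.0.0.2", path, "203.0.113.5"))
```

The checksum verification in `parse_time_exceeded` is the detail worth noting: a tool that prints whatever source address arrives, without checking that the reply really quotes its own probe (port match) and is well formed, can be fed forged hops by anyone on the path.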
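For the Service Detection and Preventing Service Detection sections, here is an added example (not from the original page and not nmap's code) of the simplest probe nmap performs, a TCP connect() scan, classifying each port the way nmap reports it: open, closed, or filtered. The filtered state is the point of the countermeasure: a device that denies unwanted traffic at the network level answers nothing, so the probe times out instead of returning a RST. To run offline the example starts its own throw-away listener on loopback; the host, ports and helper names are constructed for the demonstration.

```python
import errno
import socket
import threading

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """One TCP connect() probe, classified the way nmap reports it:
    handshake completes -> open; RST (ECONNREFUSED) -> closed;
    no answer before the timeout, or unreachable -> filtered, which is what a
    deny-all filter in front of the device produces."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return FILTERED
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT):
            return FILTERED
        raise
    finally:
        s.close()


def scan(host: str, ports, timeout: float = 1.0) -> dict:
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}


def start_listener(host: str = "127.0.0.1"):
    """Constructed target for an offline run: a service on an ephemeral loopback
    port that accepts and immediately closes connections.  Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed, stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def unused_port(host: str = "127.0.0.1") -> int:
    """A port the kernel just handed out and released, so it is almost surely closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Scan one listening and one closed loopback port; returns the two states."""
    srv, open_port = start_listener()
    try:
        result = scan("127.0.0.1", [open_port, unused_port()])
    finally:
        srv.close()
    return {"open": result[open_port],
            "others": [state for port, state in result.items() if port != open_port]}


if __name__ == "__main__":
    print(demo())
```

Against a real router the equivalent nmap invocation is `nmap -sS -sV -O <router>` (SYN scan, service-version probes and OS fingerprinting); the banners and TCP/IP stack quirks those probes elicit are what identify the router type. When every port comes back filtered, the deny-all policy is doing its job.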
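The Data Link Layer and Counter Measures sections describe the ARP redirect that dsniff's arpspoof performs and the static-entry defence. The following added example (written for this page; not dsniff's code and not a vendor feature) builds the forged ARP reply as raw bytes, parses ARP frames, and implements the host-side detection a static entry gives you: an IP-to-MAC binding that changes, or that contradicts a pinned gateway entry, is flagged. All MAC and IP addresses are constructed.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying the ARP reply 'sender_ip is at sender_mac'.  This is
    also exactly what a spoofing tool sends, with sender_ip set to the victim's gateway."""
    eth = mac_to_bytes(target_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet/IPv4, 6/4-byte addresses
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "eth_src": ":".join("%02x" % b for b in frame[6:12]),
        "sender_mac": ":".join("%02x" % b for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
        "target_ip": ".".join(str(b) for b in frame[38:42]),
    }


class ArpWatch:
    """Tracks IP->MAC bindings seen in ARP replies and raises an alert when a binding
    changes or a pinned (static) entry is contradicted: the signature of an ARP redirect."""

    def __init__(self, static: dict = None):
        self.static = dict(static or {})   # ip -> mac that must never change (e.g. the gateway)
        self.learned = {}
        self.alerts = []

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        alert = None
        if arp["eth_src"] != mac:                       # crude forgery: frame and ARP disagree
            alert = "frame from %s carries ARP sender %s for %s" % (arp["eth_src"], mac, ip)
        elif ip in self.static:
            if mac != self.static[ip]:                   # static entry wins; report the attempt
                alert = "static entry for %s is %s but %s claims it" % (ip, self.static[ip], mac)
        else:
            prev = self.learned.setdefault(ip, mac)      # first sighting is learned
            if prev != mac:
                alert = "%s moved from %s to %s (possible ARP redirect)" % (ip, prev, mac)
        if alert:
            self.alerts.append(alert)
        return alert


def demo() -> list:
    """Constructed traffic: a genuine gateway reply, an attacker claiming the gateway,
    a host being learned, then that host's binding changing.  Returns the alerts."""
    gw_ip, gw_mac = "192.0.2.1", "00:11:22:33:44:55"
    victim_mac, attacker_mac = "66:77:88:99:aa:bb", "de:ad:be:ef:00:01"
    w = ArpWatch(static={gw_ip: gw_mac})
    w.observe(build_arp_reply(gw_mac, gw_ip, victim_mac, "192.0.2.10"))          # fine
    w.observe(build_arp_reply(attacker_mac, gw_ip, victim_mac, "192.0.2.10"))    # redirect attempt
    w.observe(build_arp_reply("00:aa:bb:cc:dd:ee", "192.0.2.20", victim_mac, "192.0.2.10"))
    w.observe(build_arp_reply(attacker_mac, "192.0.2.20", victim_mac, "192.0.2.10"))
    return w.alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Static entries stop the redirect on the host that has them, but, as the page's own question notes, the method does not always work: every host needs the entry, some stacks still honour unsolicited replies for addresses without one, and a switch without port security will happily deliver the forged frames.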
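For the Network Layer section, this added example (written for this page, not taken from any tool) shows why a guessable initial sequence number is enough for blind injection. It implements the sequence arithmetic, detects the classic constant-increment ISN generator from a few observed ISNs, builds a correctly checksummed TCP segment with a spoofed source, and applies the receiver's acceptance checks that decide whether the forged segment lands. The addresses, ports (513 is rlogin, the trust-based service in the classic blind-spoofing attack) and observed ISNs are constructed.

```python
import socket
import struct

SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
MASK32 = 0xFFFFFFFF


def next_seq(seq: int, payload_len: int, syn: bool = False, fin: bool = False) -> int:
    """Sequence space advances by bytes sent; SYN and FIN each occupy one number."""
    return (seq + payload_len + int(syn) + int(fin)) & MASK32


def predict_isn(observed: list):
    """Given ISNs from several successive connections to the target, detect the classic
    weak generator (constant increment) and return the ISN it will hand out next, or
    None when the increments vary and blind guessing is not this easy."""
    if len(observed) < 3:
        return None
    deltas = {(b - a) & MASK32 for a, b in zip(observed, observed[1:])}
    if len(deltas) != 1:
        return None
    return (observed[-1] + deltas.pop()) & MASK32


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment; verifies to 0 if valid."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """A TCP segment with a correct checksum.  With a spoofed src_ip and a predicted
    sequence/ack number this is the injected packet the text warns about; nothing
    here puts it on the wire."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq & MASK32, ack & MASK32,
                      5 << 4, flags, 65535, 0, 0)
    hdr = hdr[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, hdr + payload)) + hdr[18:]
    return hdr + payload


def segment_seq(segment: bytes) -> int:
    return struct.unpack("!I", segment[4:8])[0]


def segment_ack(segment: bytes) -> int:
    return struct.unpack("!I", segment[8:12])[0]


def server_accepts_handshake_ack(segment: bytes, server_isn: int) -> bool:
    """In SYN-RECEIVED the server only needs the third packet to ACK its own ISN+1.
    An attacker who never saw the SYN/ACK can still pass this if the ISN was predictable."""
    return bool(segment[13] & ACK) and segment_ack(segment) == next_seq(server_isn, 0, syn=True)


def receiver_accepts_data(segment: bytes, rcv_nxt: int, rcv_wnd: int) -> bool:
    """For an established session a segment lands only if its sequence number falls
    inside [rcv_nxt, rcv_nxt + rcv_wnd); anything else is dropped."""
    return (segment_seq(segment) - rcv_nxt) & MASK32 < rcv_wnd


def blind_injection_demo():
    """Constructed scenario: three earlier connections showed the server's ISNs stepping
    by a constant; the attacker predicts the fourth, spoofs the trusted client's address
    and completes the handshake blind.  Returns (predicted_isn, handshake_accepted)."""
    observed = [0x10000000, 0x10010000, 0x10020000]     # constructed, step 0x10000
    predicted = predict_isn(observed)
    actual_server_isn = 0x10030000                       # the weak generator really does step again
    client_isn = 0x0BADF00D                              # attacker chooses the spoofed client's ISN
    third_packet = build_segment("198.51.100.7", "203.0.113.5", 1023, 513,
                                 next_seq(client_isn, 0, syn=True),
                                 next_seq(predicted, 0, syn=True), ACK)
    return predicted, server_accepts_handshake_ack(third_packet, actual_server_isn)


if __name__ == "__main__":
    print(blind_injection_demo())
```

Randomised ISNs make `predict_isn` return None, which is the defence the text's "encrypt all your traffic" advice complements: an unpredictable ISN stops blind injection, and encryption with integrity protection stops injection even by an attacker who can see the sequence numbers.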