
=Network Devices=

Network devices separate, connect, or expand networks, e.g. repeaters, hubs, bridges, routers, switches and gateways. It is at the network level that the most potential information breaches occur.

==Profiling==

Profiling is used to detect and identify the devices on a network.

===Dig===

Dig is used to gather information about a target's domain names by performing DNS lookups and displaying the answers returned by the name servers that were queried.

===Traceroute===

Traceroute is used to view the routers between yourself and a destination host. It sends out several packets to the destination, setting the first packet's TTL (Time To Live) to 1 and increasing it by one for each hop to be discovered. When a packet traverses a router, its TTL is decreased by 1. If the TTL ever hits zero, the packet is dropped and a notification is sent back to the originating source host in the form of an ICMP error packet.

===Profiling Countermeasures===

• Be wary of what you say and where you say it.
• Only run applications in a production environment if you are comfortable with them and know the steps to restrict information disclosure.
• Use common sense. Allow extra time to verify configurations. Double-check your intentions and document any changes.
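The TTL mechanism described under Traceroute, as an added simulation that is not part of the original notes. The path, the router addresses and the "silent" router are constructed for the example; each probe is walked along the path, every router decrements the TTL, and the reply the sender would see is recorded. A router configured not to send ICMP errors shows up as a timeout (`*`), which is what the hop looks like when a defender suppresses those messages.

```python
# Added example (not part of the original notes): a simulation of the TTL mechanism
# traceroute relies on. The path, the router addresses and the "silent" router are all
# constructed for the example.

# Constructed path: three routers followed by the destination host.
PATH = ["10.0.0.1", "172.16.5.1", "192.0.2.1", "198.51.100.7"]


def forward(ttl, path, silent=frozenset()):
    """Walk one probe with the given TTL along the path.

    Every router decrements the TTL; when it reaches 0 the router drops the probe and
    answers with an ICMP Time Exceeded message, unless the router is configured not to
    send ICMP errors, in which case the sender only sees a timeout. A probe whose TTL
    survives every router is delivered to the destination, which answers the UDP probe
    with ICMP Port Unreachable.
    """
    routers, destination = path[:-1], path[-1]
    for router in routers:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return None, "timeout"
            return router, "icmp-time-exceeded"
    return destination, "icmp-port-unreachable"


def traceroute(path, max_hops=30, silent=frozenset()):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one, stopping once
    the destination itself replies. Returns a list of (ttl, address, reply) tuples."""
    hops = []
    for ttl in range(1, max_hops + 1):
        address, reply = forward(ttl, path, silent)
        hops.append((ttl, address, reply))
        if reply == "icmp-port-unreachable":
            break
    return hops


if __name__ == "__main__":
    # Hop 2 is configured not to send ICMP errors, so it is printed as "*".
    for ttl, address, reply in traceroute(PATH, silent={"172.16.5.1"}):
        print(f"{ttl:2d}  {address or '*':<15}  {reply}")
```

Note that silencing ICMP Time Exceeded on a router hides its address from this kind of mapping but does not stop the probe from reaching the hops beyond it; the trace simply continues with a gap.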

==Service Detection==

Service detection means detecting the services that are running on a network.

===Nmap===

Using nmap an attacker can find out which ports a router is listening on; the results can also help determine what type of router the victim is running.

===Preventing Service Detection===

• The best policy is to deny all unwanted traffic at the network level.

==Network Vulnerabilities==

===Physical Layer===

The easiest target for Layer 1 hacking is T1 links (Ethernet); the hardest is fiber. An attacker could set up a man-in-the-middle device (a low-end router) and capture all outside connections.

===Data Link Layer===

This is the layer where the electrical impulses from the physical layer have MAC addresses associated with them. Switching technology works by building up a large table of Media Access Control (MAC) addresses and sending each packet only to its intended destination, so it is almost never seen by anyone else. It is nevertheless possible to provide packet-capturing capabilities on switched media. For example, dsniff by Dug Song can capture traffic on switched media by redirecting all the traffic from a specified host through the sniffing system, and it is very easy to set up.

===Network Layer===

The network layer of the OSI model is responsible for packet delivery. At the start of every TCP session a SYN packet is sent. The first SYN packet contains an initial random number called a sequence number. Every packet in the TCP session follows in "sequence," increasing by one each time. If the sequence number can be guessed, spoofed packets can easily be injected, leading to a data compromise, denial of service, or session hijacking.

===Countermeasures===

Manually entering MAC addresses into each switch is the safest ARP redirect countermeasure. On Windows you can set static default gateways. Encrypt all your traffic!!
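The redirection trick described under Data Link Layer, and the static-MAC countermeasure, from the detection side: an added example (not from the page or from dsniff) that runs over a constructed log of ARP replies and flags the symptoms of a host being redirected. The addresses, the log and the pinned table are all made up for the example.

```python
# Added example (not from the page): detecting an ARP redirect of the kind described
# for dsniff, from a constructed capture of ARP replies. Two symptoms are checked:
# an IP that suddenly answers from a different MAC, and one MAC claiming several IPs.
# A manually pinned IP->MAC table (the page's "enter MAC addresses by hand" countermeasure)
# is consulted first, because the first MAC observed could itself be the spoofed one if
# monitoring started after the redirect began.
from collections import defaultdict

# Constructed ARP replies: (timestamp, sender_ip, sender_mac). All addresses are made up.
ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate
    (1.5, "192.168.1.10", "00:11:22:33:44:0a"),  # a workstation
    (2.0, "192.168.1.1", "00:11:22:33:44:01"),
    (3.0, "192.168.1.1", "00:11:22:33:44:ee"),   # gateway "moves" to another MAC
    (3.1, "192.168.1.10", "00:11:22:33:44:ee"),  # same MAC now also claims the workstation
]

# Constructed pinned entries, as an administrator would maintain them by hand.
STATIC_TABLE = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_redirect(replies, static_table=None):
    """Return a list of (timestamp, alert_kind, ip, mac) for suspicious ARP replies."""
    static_table = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
    first_seen = {}                   # ip -> first MAC observed for it
    ips_per_mac = defaultdict(set)    # mac -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        # Strongest signal: contradicts the manually pinned entry.
        if ip in static_table and static_table[ip] != mac:
            alerts.append((ts, "static-mismatch", ip, mac))
        # Weaker signal: the IP answered from a different MAC earlier in the capture.
        if ip in first_seen and first_seen[ip] != mac:
            alerts.append((ts, "ip-changed-mac", ip, mac))
        first_seen.setdefault(ip, mac)
        # One MAC answering for several IPs is typical of a host relaying traffic
        # between two victims.
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for ts, kind, ip, mac in detect_arp_redirect(ARP_REPLIES, STATIC_TABLE):
        print(f"t={ts:<4} {kind:<24} ip={ip:<14} mac={mac}")
```

The `ip-changed-mac` check alone produces false positives when a NIC is legitimately replaced, which is why the pinned table gives the higher-confidence `static-mismatch` alert and is the check to rely on for the gateway.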
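To make the Network Layer point about guessable sequence numbers concrete, here is an added example (not from the page) that scores a set of observed TCP initial sequence numbers for predictability. It compares a constructed legacy-style generator, which simply adds a fixed constant per connection, against values drawn from a strong random source; the constant and the sample sizes are assumptions for the illustration.

```python
# Added example (not from the page): how predictable are a host's initial sequence
# numbers (ISNs)? A naive "attacker model" guesses the next ISN as the last one plus the
# most common recent increment; the fraction of exact hits is the predictability score.
import secrets

MOD = 2 ** 32   # the TCP sequence number is a 32-bit counter


def isn_deltas(isns):
    """First-order differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predict_next(isns):
    """Guess the next ISN from a window of previous ones: last value plus the most
    frequent increment seen in the window."""
    deltas = isn_deltas(isns)
    guess_delta = max(set(deltas), key=deltas.count)
    return (isns[-1] + guess_delta) % MOD


def predictability(isns, window=8):
    """Fraction of ISNs the naive model would have guessed exactly from the preceding
    `window` observations. 1.0 means fully predictable; close to 0 means the simple
    model learns nothing."""
    hits = trials = 0
    for i in range(window, len(isns)):
        trials += 1
        if predict_next(isns[i - window:i]) == isns[i]:
            hits += 1
    return hits / trials if trials else 0.0


def legacy_isns(n, start=0x1000, step=64000):
    """Constructed stand-in for an old generator that adds a fixed constant per connection."""
    return [(start + k * step) % MOD for k in range(n)]


def random_isns(n):
    """ISNs drawn from the OS cryptographic random source."""
    return [secrets.randbits(32) for _ in range(n)]


if __name__ == "__main__":
    print("legacy generator:", predictability(legacy_isns(50)))
    print("random generator:", predictability(random_isns(50)))
```

Anything above zero for a real host is worth investigating: a score near 1.0 is exactly the condition under which the spoofed-packet injection and session hijacking mentioned above become practical.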