1MP0R7AN7 H4(K1NG 700L$

Post  Nikhlesh on Thu Apr 02, 2009 6:15 am

SNIFFERS

-ARE BASICALLY SPYING TOOLS THAT CAPTURE ALL DATA PACKETS BEING SENT ACROSS THE ENTIRE NETWORK IN THE RAW FORM
-Were originally developed for network troubleshooting and diagnosis purposes
-When the attacker installs the sniffer in the target system, all the data being sent and received will be recorded in a log file, which the attacker can retrieve later or which will be emailed to a predefined ID.
-Today sniffers are being used for corporate espionage, spying, IP theft and even password stealing.

WORKING

-In a shared Ethernet-based network, each system in the network has a filter which restricts the system's access to only those packets that are addressed to its MAC code
-Sniffers put the network interface card (NIC) of the target system in a special mode known as promiscuous mode and remove this filter.
-This allows the sniffers to capture all the data packets in range of the compromised system

SOME GOOD SNIFFING TOOLS

TCPDUMP(ONE OF THE BEST)
ETHEREAL
DSNIFF
SNORT(ONE OF THE BEST)
SNIFFIT
ETTERCAP


COUNTERMEASURES

-CHANGE TO A SWITCHED ETHERNET NETWORK (ONLY PACKETS MEANT FOR THAT HOST REACH THE NIC)
-USE ENCRYPTION STANDARDS LIKE SSL, SSH, IPSEC
-IT IS A GOOD IDEA TO CHECK IF THE NIC OF ANY SYSTEM IS RUNNING IN THE PROMISCUOUS MODE
-IT IS IMPORTANT TO NOTE THAT SOPHISTICATED SNIFFERS LIKE ARPREDIRECT WORK EVEN ON SWITCHED ETHERNET NETWORKS


HOT PICKS
ANTI SNIFFING TOOLS
CHECK PROMISCUOUS MODE (CPM)
ANTISNIFF
SENTINEL



KEYLOGGERS.

-IT'S BASICALLY A SPYING SOFTWARE THAT MONITORS ALL KEYSTROKES MADE BY VICTIM ON HIS SYSTEM
-COMMONLY USED FOR SPYING PURPOSES, CORPORATE ESPIONAGE AND IP THEFT


WORKING

-ATTACKER WILL SOMEHOW INSTALL THE KEYLOGGER ON VICTIM'S SYSTEM
-IT THEN WORKS SECRETLY IN THE BACKGROUND AND RECORDS ALL THE KEYSTROKES MADE BY THE ATTACKER IN A LOG FILE
-THE KEY LOGGER CAN BE CONFIGURED TO AUTOMATICALLY EMAIL THE LOG FILE TO HIM OR HER PERIODICALLY
-A FEW KEYLOGGERS ALSO HAVE A SPECIAL BUILT-IN OPTION OF AUTODESTRUCT


COUNTERMEASURES

-PERIODIC DETECTION PRACTICES SHOULD BE MADE MANDATORY
-A TYPICAL KEYLOGGER AUTOMATICALLY LOADS ITSELF INTO THE MEMORY EACH TIME THE COMPUTER REBOOTS
-HENCE ONE SHOULD SEARCH ALL THE START UP FILES OF THE SYSTEM AND REMOVE ANY REFERENCES TO THE SUSPICIOUS PROGRAMS
-THIS WILL REMOVE THE KEYLOGGERS FROM THE SYSTEM



TROJANS


USING TROJANS WE CAN CONTROL MOST OF THE PARTS OF THE VICTIM'S COMPUTER, BUT FOR THAT WE HAVE TO INSTALL A PATCH FILE OF THE TROJAN IN THE VICTIM'S SYSTEM, MOST PROBABLY WITH THE METHOD OF EXE BINDERS

TROJAN TOOLS
NETBUS
BACK ORIFICE
GIRLFRIEND
SUBSEVEN



COUNTERMEASURES

-USE WEB BASED PORT SCANNING.
IF U FIND ANY IRREGULAR PORT OPEN THEN MOST PROBABLY A TROJAN IS INSTALLED IN UR COMP
ONE CAN REMOVE A TROJAN USING ANY NORMAL ANTIVIRUS SOFTWARE
-MONITOR START UP FILES AND PORT ACTIVITY

http://www.h4ck3rz.ideaboard.net or http://www.logmein.h4ck3r.in
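
One way to carry out the promiscuous-mode check listed under the sniffer countermeasures, as an added example that is not part of the original post. It assumes a Linux host that exposes interface flags under /sys/class/net; the function names and the sample kernel log lines are constructed for illustration.

```python
import os
import re

IFF_PROMISC = 0x100  # promiscuous bit in the interface flags (linux/if.h)

def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted names of interfaces whose flags have IFF_PROMISC set."""
    found = []
    if not os.path.isdir(sysfs_net):
        return found
    for name in sorted(os.listdir(sysfs_net)):
        try:
            # Each interface directory holds a 'flags' file with a hex value.
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable flags
        if flags & IFF_PROMISC:
            found.append(name)
    return found

# Assumed message format: "device <name> entered|left promiscuous mode".
KERNEL_MSG = re.compile(r"device (\S+) (entered|left) promiscuous mode")

def promisc_from_kernel_log(lines):
    """Replay kernel messages and return interfaces still in promiscuous mode."""
    active = set()
    for line in lines:
        match = KERNEL_MSG.search(line)
        if not match:
            continue
        if match.group(2) == "entered":
            active.add(match.group(1))
        else:
            active.discard(match.group(1))
    return active

# Constructed sample log lines (not captured from a real system).
SAMPLE_KERNEL_LOG = [
    "[  101.200] device eth0 entered promiscuous mode",
    "[  140.912] device eth0 left promiscuous mode",
    "[  512.044] device eth1 entered promiscuous mode",
    "[  600.000] eth1: link becomes ready",
]

if __name__ == "__main__":
    print("Promiscuous now:", promiscuous_interfaces() or "none")
    print("Per sample log:", sorted(promisc_from_kernel_log(SAMPLE_KERNEL_LOG)))
```

An interface reported here is not proof of a sniffer: bridges, virtual machine hosts and legitimate monitoring tools also enable promiscuous mode, so compare the result against what is expected on that host.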
