Course info
Oct 2, 2018
2h 21m

Pluralsight is not an official partner or accredited training center of EC-Council. There's so much an attacker can learn from simply "listening" to, or sniffing, your network. Passwords? Check. Emails? Check, and the list goes on and on. This course, Ethical Hacking: Sniffing (part of the Ethical Hacking series), will clarify the central ideas of sniffing and how they are used in hacking exercises. You'll also learn how imperative it is for security professionals to be "up" on sniffers and their methods. Furthermore, you'll be shown a plethora of tools and procedures used to secure your network against these types of attacks. By the end of this course, you'll understand much more about sniffing and how to keep your data protected.

About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, and has been a Microsoft Certified Trainer since 1998 (yes, we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

Section Introduction Transcripts

DHCP Assaults
DHCP Assaults, that just sounds like a cool title for a movie, doesn't it? DHCP is such an integrated technology throughout our network infrastructure, it is an extreme target for an attacker to get to, because we can control so many things when it comes to the use of this technology. Now you guys all know that I love doing quotes before any of my presentations, and I really couldn't think of one or come up with one that would relate to DHCP assaults, so instead I thought I'd just do something that was more around my thought process, and that is a famous quote by Mark Twain, who said, "against the assault of laughter, nothing can stand," which is really a life motto for me. I once read an article that said that if you can laugh while you're learning you'll actually retain information longer, and that's kind of the reason for my teaching style. So let me see if I can't assault your brain with this concept here. So when it comes to DHCP assault concepts, we're going to go through and first take a look and give you a refresher of DHCP, what its protocol is designed to do or the technology is designed to do, and why it can be an issue for us, as far as what the attacker can accomplish. We'll also go through and take a look at what we refer to as starvation. No, this isn't when you get hangry, this is where we actually deplete a DHCP server. Then we'll go through and take a look at going rogue, and what I mean by going rogue is firing up a rogue DHCP server to accomplish a certain task. You know, that would be a good name for a movie as well. Dale Meredith is Going Rogue. And we'll of course take you through and look at some countermeasures. Again, I don't want you guys to feel helpless, because this technology is so vital to our infrastructure, we need to be able to protect ourselves from these types of attacks. So let's get going.

Big-MAC Attacks
Okay, so those of us that grew up around McDonald's back in the good old '70s, before they became the worldwide phenomenon that they are now, they had an interesting commercial, and let me see if I can remember the phrase here that describes a Big-MAC attack, which was: two all-beef patties, special sauce, lettuce, cheese, onions, all on a sesame seed bun. But we're not going to really talk about food in this particular module; however, I can't stop myself when I talk about MAC attacks, and of course, to start off any of my modules you know I like to bring out a quote. Let's take a look at what Frank Underwood said about taking that which is rightfully yours. He says, sometimes you may need to take what's rightfully yours. That's why I see the Hamburglar, see how I brought that back around again to another reference to McDonald's? I should get paid, because you're all going to pause and then run and go grab something and not bring me back anything. But anyway, he says, this is why I see the Hamburglar as a hero. So if you're going to go get something, just do me a favor and can you make mine supersized. So what is a MAC? Well, it's not that delicious, yeah, that ain't one, that's the Mac daddy right there, baby, just waiting to harden up the old arteries. But we'll go through and we'll take a look at what a MAC is. We'll also go through and take a look at the fact that MAC spelled backwards is CAM, nah, that's not really what it stands for; CAM is actually a piece of memory that switches use to keep track of MAC addresses. So then we'll talk about flooding, which is what happens when I put the hose in the pool and forget to turn it off and I decide to water everyone's yard. And so I don't make you feel like all is lost, we'll take a look at the countermeasures for this Big MAC attack, and it's not called a diet, which I probably should do, as I'm having too many of those.

ARP Poisoning
ARP Poisoning. So, ARP poisoning is another mechanism that we can use during the sniffing process, and its capability is actually quite scary. The concept here is that we're going to trick people into doing or going some place where they don't intend to go, and we're going to do this at a computer level. I don't remember who actually said this one, I remember my father telling me this one all the time though. That is, "you can only trick people for so long, but until then, take advantage of the situation." Now he would say this in a half-hearted way; he didn't really believe this. It always felt like to him that people were trying to do this to him. His job, he actually worked for a movie theater chain, and his job was totally to go in to different areas and find where managers and employees were stealing from the company. He always told me that people thought that they came up with a new way of finding "a way around the system" so they wouldn't be detected, but technically it was never a new way, it was just a new path using an old mechanism, and that old mechanism was just simply theft. Now, in this module we're going to go through and figure out how we can poison the apple, which the apple in this case is going to be our ARP table. We'll first go through and make sure you understand what ARP is, so we'll do an ARP review. After we give you a review, we'll then go through and take a look at how we can do an ARP spoof, also known as ARP poisoning. Again, we can do this to a single machine or we can do it to an entire subnet of machines. We'll then take a look at the fact that if we're able to poison everybody's ARP table or a target ARP table, what we're able to do with that information. And then of course, I'd like to be Prince Charming and wake you from that deep sleep, I'm not going to kiss you, but I'm going to give you some countermeasures against how to protect yourself from ARP poisoning. So, come along with me, my pretty. (Sinister chuckles) Kind of a manly sounding witch, huh?

DNS Poisoning
Ahh, DNS poisoning, this is actually one of my favorite subjects, just in the aspect of how effective it can be. We're going to go through in this module and make sure that I stay with my quotes. I came up with this quote that I heard, I can't remember actually who it was that said it, but they said, "We have nothing to fear… but an attacker with your DNS cache." Oh, I remember, yes, it's Mr. I. V. Ben Pwned. So we're going to go through and take a look in this module at how we do name poisoning. We'll first take a look at DNS, give you a refresher on it; it's important to know how it operates and how it works. We'll then go through and take a look at how we do an intranet poisoning of DNS versus the internet poisoning of DNS. Basically it's the same thing, it's just what name resolution are you poisoning? Internal resources or external resources? And that means there'll be different attack vectors and different targets. We'll also take a look at something called proxy server poisoning, and then finally we're going to make sure that we understand the concept behind poisoning the money, no, it's poisoning the cache, I just got tired of writing out cache or caché, so let's get going.

Okay, so let's talk about the countermeasures for sniffing. Unfortunately this is kind of a hard thing to do, because sniffing, or detecting a sniffer on the network, unless you've got the proper equipment, is extremely difficult. In fact, I think a very intelligent trainer once said, "Your job isn't to 'stop them'. Your job is to slow them down." I understand this guy is extremely intelligent. And that's a real hard realization, not that this guy's really intelligent, but the fact that you can't stop them. When it comes to sniffing, it is done in such a way that many times, unless you suspect that it's happening on your network, you're never going to know that it's taking place. So in this module we're going to show you how to clear up the sniffing, or we're going to blow your nose. We're going to first go through and show you different sniffing detection methods that we can utilize on our network. Some of these, even though they're relatively basic, do require some software to help accomplish some tasks, and, again, I've got to go back and reference the fact that you need to make sure you understand how TCP/IP actually works, and not just TCP/IP but all the underlying infrastructure, like DNS and ARP. After that, we'll go through and I'm going to give you SuperDale's top 15 ways to protect you from sniffing attacks. It's called a mask, no, I'm kidding. And then we're going to go through and just break out Nmap again, so you can see how we can detect a machine that may be on our network that may be sniffing. So break out your hankies and let's get going.