lab8 - Lab 8 Hacking Techniques ( (Part III) ) By y Alan S...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
ab 8 Lab 8 Hacking Techniques (Part III) By Alan S H Lam IEG 7006 (2010) 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ab 8: Hacking Techniques Lab 8: Hacking Techniques Outlines Sniffer TTPS Cookie Stealing HTTPS Cookie Stealing Main-in-the-middle attack by DNS Poisoning DNS Hijacking ARP Poisoning harming Attack Pharming Attack WLAN Sniffing and WEP Cracking Deny of Service Attack Back Door Establishment Real cases studies IEG 7006 (2010) 2
Background image of page 2
ab 8: Hacking Techniques Lab 8: Hacking Techniques niffer Sniffer Sniffer refers to a wiretap that eavesdrops on computer networks. You have to be between the sender and the receiver in order to sniff traffic IEG 7006 (2010) 3
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
ab 8: Hacking Techniques Lab 8: Hacking Techniques niffer Sniffer A packet sniffer is a wire-tap devices that plugs into computer networks and eavesdrops on the network traffic. Like a telephone wiretap allows the FBI to listen in on other people's conversations, a "sniffing" program lets someone listen in on computer conversations. IEG 7006 (2010) 4
Background image of page 4
ab 8: Hacking Techniques Lab 8: Hacking Techniques niffer Sniffer Components of a packet sniffer The hardware Capture driver Buffer Real-time analysis Decode acket editing/transmission Packet editing/transmission IEG 7006 (2010) 5
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
TTPS Cookie Stealing HTTPS Cookie Stealing Although the cookie transmission is protected by the SSL in HTTPS, attacker can trick the victim client to exposure is/her cookie used in the SSL and then his/her cookie used in the SSL and then hijack his/her login session accordingly. ee the demo of stealing HTTPS Cookie See the demo of stealing HTTPS Cookie by surface in backtrack IEG 7006 (2010) 6
Background image of page 6
Man in the Middle Attack By poisoning the victim DNS server, arp cache, or host file, attacker can redirect the traffic of a legitimate site to the attacker erver where the attacker can sniff password information even in server where the attacker can sniff password information even in the HTTPS connection. genuine web The victim thought that he is talking to the legitimate site server Victim PC Actually, the victim is talking to the y, g attack server Attacker server which sniff the password information and IEG 7006 (2010) 7 proxy the HTTPS traffic between the victim and legitimate web server
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
DNS Poisoning Recalling the steps of DNS query: 1. The client will contact its configured DNS server and ask for target domain to be resolved. This query will ontain information about the client’s source UDP contain information about the client s source UDP port, IP address and a DNS transaction ID. 2. The client’s DNS server since it is not authoritative for the target domain will through recursive queries via the Internet root DNS servers contact the target omain DNS server and get an answer for the query domain DNS server and get an answer for the query.
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 51

lab8 - Lab 8 Hacking Techniques ( (Part III) ) By y Alan S...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online