In cybersecurity, the term sniffing refers to a method of monitoring and capturing data passing through a given network (legally or illegally). Indeed, sniffing can be used by network/system administrator to monitor and troubleshoot network traffic or by hackers to steal sensitive data.
Sniffing can be performed by installing a hardware or a software in the information system, which makes it hard to detect for non professionals. Generally, a sniffing tool can steal the following data: Email traffic, FTP passwords, Web traffics, Telnet passwords, Router configuration, Chat sessions, DNS traffic.
There are different types of sniffing. Here below is a list of common method:
In this case, the sniffer attacks the internal Local Area Network (LAN). It will scan the entire IP and gain access to live hosts, open ports, server inventory, etc.
The sniffer attacks occur based on the network protocol used. Different protocols such as ICMP, UDP, Telnet, PPP, DNS, etc., or other protocols might be used.
Address Resolution Protocol Poisoning attacks or packet spoofing attacks occur based on the data captured to create a map of IP addresses and associated Media Access Control (MAC) addresses.
TCP Session stealing
Transmission Control Protocol session stealing is used to monitor and acquire traffic details between the source & destination IP address. All details such as port number, service type, TCP sequence numbers, and other sensitive data are stolen by the hackers.
Applications running on the server are attacked to plan an application-specific attack.
Web password sniffing
HTTP sessions created by users are stolen by sniffers to get the user ID, password, and other sensitive information.
Here below are some tips to avoid illicit sniffing:
Do not use public Wi-Fi networks
Avoiding public networks is a wise security choice. Public Wi-Fi networks usually lack security protocols to protect users. Hackers can easily sniff the entire network, gaining access to sensitive data.
Use a trusted VPN connection
When accessing the internet remotely, always use a trusted Virtual Private Network that encrypts the connection and masks all data from sniffers. Any sniffer attempting to monitor traffic over a VPN will only see data that has been scrambled, making it useless to the hacker.
Always use robust antivirus software
By installing effective antivirus software, organizations can prevent malware from infiltrating the network and system. Robust antivirus tools will also uncover sniffers present in the system and offer to delete them.
Check HTTPS protocols of website before surfing on websites
Before surfing the internet, look for the “HTTPS” in the address bar of a website. Some sites only indicate “HTTP.” The additional “S” at the end is an indication that the site adheres to more robust security protocols that encrypt communications and will prevent sniffers used by hackers from seeing the data.
Avoid social engineering traps
Hackers and cyberattackers will often employ phishing emails and spoofed website to trick people into unwittingly downloading sniffers. If you want to know more about phishing methods, you can check our previous article here https://www.ascentrixconsulting.com/post/how-to-recognise-and-avoid-phishing
If you feel that your Information Security Management System (ISMS) might be at risk, we can help you evaluate your Information Security and Cybersecurity risk level. Please contact us for a free consultation.