Security Dose: Snooping Attack

In this article, we are going to talk about common security threats. As you know, modern enterprise networks are no longer limited to branches and data centers. Today, networks extend everywhere so that users can connect and access applications hosted in the cloud. When we talk about this network trend, where the perimeter no longer exists, security becomes a major concern for organizations. It is very difficult to secure a network that is outside your administrative control.

Understanding the different types of security threats, and the mitigations for each, helps organizations maintain the confidentiality, integrity, and availability of their applications and other critical assets.

Spoof Attacks

In a normal scenario, the communication between two endpoints is simple: each packet carries a source address and a destination address that identify the sender and the receiver of the information on the network. This is true for any kind of communication over the network.

Several attacks replace the original sender or destination information in the packet and try to overload the network by sending packets from a source to a destination that does not exist on the network. These attacks are called spoof attacks. For instance, let's say an attacker snoops an IP packet and replaces the source address with another IP address that does not exist on the network. Once the request reaches a server, the server sends its response to the forged IP address, which does not exist, so the response is eventually dropped in the network.

Figure 1: Address spoofing attack!

Address spoofing applies to the layer 2 MAC address too. An attacker can spoof the MAC address and create a DHCP request for an IP address assignment. After receiving this request, the DHCP server reserves an IP address that will never be used in the network. Repeated with many spoofed MAC addresses, this impacts the DHCP function to the point where there are no IP addresses left for new hosts on the network.
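The DHCP starvation pattern described above has a simple observable signature: many distinct client MAC addresses sending DHCP DISCOVER messages from one access port in a short time. The following detector is an added example, not code from the original article; the log line format, the port names, and the DISCOVER events are constructed for illustration.

```python
# Added example: flag switch ports where an unusual number of distinct client
# MAC addresses send DHCP DISCOVER within a short window (starvation pattern).
# Log format and sample events are constructed, not taken from any real device.
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: "<ISO time> DISCOVER port=<port> mac=<mac>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 DISCOVER port=Gi1/0/1 mac=00:11:22:33:44:01
2024-03-01T10:00:01 DISCOVER port=Gi1/0/1 mac=00:11:22:33:44:02
2024-03-01T10:00:01 DISCOVER port=Gi1/0/1 mac=00:11:22:33:44:03
2024-03-01T10:00:02 DISCOVER port=Gi1/0/1 mac=00:11:22:33:44:04
2024-03-01T10:00:02 DISCOVER port=Gi1/0/1 mac=00:11:22:33:44:05
2024-03-01T10:00:03 DISCOVER port=Gi1/0/2 mac=00:aa:bb:cc:dd:01
2024-03-01T10:05:00 DISCOVER port=Gi1/0/2 mac=00:aa:bb:cc:dd:02
"""

def parse_events(text):
    """Parse log lines into (timestamp, port, mac) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "DISCOVER":
            continue
        ts, _, port_kv, mac_kv = parts
        events.append((datetime.fromisoformat(ts),
                       port_kv.split("=", 1)[1],
                       mac_kv.split("=", 1)[1].lower()))
    return events

def detect_starvation(events, window_seconds=60, max_macs=3):
    """Return {port: peak distinct MAC count} for ports where more than
    max_macs distinct MACs sent DISCOVER within any window_seconds span.
    A normal access port serves one host, so a burst of new MACs is the
    signature of the starvation attempt described above."""
    alerts = {}
    recent = defaultdict(deque)  # port -> (timestamp, mac) pairs in window
    for ts, port, mac in sorted(events):
        window = recent[port]
        window.append((ts, mac))
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()  # drop events that aged out of the window
        distinct = {m for _, m in window}
        if len(distinct) > max_macs:
            alerts[port] = max(alerts.get(port, 0), len(distinct))
    return alerts

if __name__ == "__main__":
    print(detect_starvation(parse_events(SAMPLE_LOG)))  # {'Gi1/0/1': 5}
```

Port Gi1/0/2 sees two MACs five minutes apart and stays below the threshold, while Gi1/0/1 is reported with a peak of five distinct MACs inside one minute.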

Switch features like port security, DHCP snooping, and dynamic ARP inspection can be used to prevent these snooping and spoofing attacks on the network. Hope you find this informative!
