loader gif

A Quick Guide to Sniffing Attacks

dog,sniffing,puppy,hound,outdoors,and,animal,animals,brown,canine,care,cheerful,curiosity,cute,domestic,eyes,following,horizontal,indoors,interest,looking,maremman,nose,pets,playful,portrait,purebred,sitting,sunflare,track
  • Sniffing attack is the process of illicitly capturing and decoding data packets that pass through a network.
  • This attack is usually launched to harvest bank information, account credentials, and perform identity thefts.

Sniffing is commonly performed by system administrators to troubleshoot or analyze the network. Hackers abuse this technique to perform cyber attacks.

How does it work?

The Network Interface Cards (NICs) by default ignore any traffic that is not addressed to them.

  • Sniffing attacks involve turning the NICs to promiscuous mode. This enables the NICs to receive all the traffic on the network.
  • By decoding the encapsulated information in the data packets, sniffers can listen to all the traffic through the NICs.
  • Weakly encrypted data packets make sniffing attacks easier to perform.

Types of sniffing

There are two types of sniffing - active and passive.

  • Active sniffing involves injecting address resolution protocols (ARPs) into a network to flood the switch content address memory (CAM) table. This, in turn, will redirect legitimate traffic to other ports, allowing the attacker to sniff traffic from the switch.
  • Active sniffing techniques include spoofing attacks, DHCP attacks, and DNS poisoning among others.
  • Passive sniffing involves only listening and is usually implemented in networks connected by hubs. In this type of network, the traffic is visible to all hosts.

Example

JavaScript card sniffing attacks have been observed to be on the rise recently. Targeted at Magneto and other online store platforms, these attacks involve injecting a piece of malicious script in pages that deal with transactions.

  • The script secretly listens for the user’s card details and sends them to an attacker-controlled server.
  • The malicious code that is injected is believed to be available for sale in underground hacking forums.
  • These attacks are said to be carried out by the Magecart group.
  • The stolen card information is sold online on the dark or deep web. Individuals or groups specializing in money laundering buy this information.
  • Ticketmaster and Feedify are few of the victims of this sniffing campaign.

Prevention techniques

Sometimes, sniffers may go undetected for long periods of time. This can lead to the compromise of a lot of information over time. To keep the threat at bay, you can take a few measures.

  • Don’t connect to public Wi-Fi networks. Attackers leverage such networks to listen to traffic.
  • Encrypt all the data that is sent from your system, especially emails with sensitive data.
  • Perform regular monitoring of networks and systems to check for intruders.
loader gif