Sniffing MAC ADDR PORT 00 01 03 02

Подслушване (Sniffing) MAC ADDR PORT 00: 01: 03: 02 2 ARP | Who has 192. 168. 10? 0 a: bd: 10: 21 3 de: ad: be: ef 4 … ARP | is at de: ad: be: ef …

ARP мамене (Spoofing) ARP | is at de: ad: be: ef ARP | Who has 192. 168. 10?

ARP poisoning (наводняване) MAC ADDR PORT 00: 01: 00: 01 1 00: 01: 00: 02 1 00: 01: 00: 03 1 … …

Man-in-the-Middle n Attacker impersonates server ¨ Credentials n and private information can be captured SSL ¨A warning is generated but, who reads them? Sends requests to ATTACKER Sends VICTIM req to SERVER

SYN Flooding n Keeps many TCP connections in the HALF-OPEN state ¨ Resource starvation SYN | port 80 SYN | ACK | ISN# 2222 ACK #2222 | port 80 | data ACK #bbbb| data SESSION SEQ# 23012: 80 2222 12392: 25 2223 12493: 80 2224 … …

DISTRIBUTED DENIAL OF SERVICE n Totally consumes the target network’s bandwidth ¨ Resource n starvation Hard to trace ¨ Attackers use compromised machines to launch attack

Други видове мамене DHCP Spoofing n DNS Spoofing n IP Address Spoofing n E-mail spoofing n

Remote scan

Remote Scan (Passive)

Port Scan

Ping-of-Death