Some questions on ISP's and Sniffing Across Internet? - Network Security

mandi

I have some questions for which i am struggling to find answers,

1)I am sure most of guys knows what is an Reflective ddos and ip spoofing,I am wondering why ISP's(As far as i know )are not enabling
ingress and egress filtering on their border routers to prevent these kind of attacks originating from their network?

Because when i tested from my ISP for sending forged ip pakcets,i can able to send across my ISP network,i don't know why most ISP's does not care about these...

2)I am tired of reading tutorials on sniffing,because i personally believe the tools,tutorials we are using for sniffing is out-dated,now network security is very high these days,

they are having the following
1)arp-watches to watch deviations in mac tables of the switch or routers..

2)modern cisco router's and switches(which are very hard to flood)

3)Also nowadays ssl stripping is almost impossible as the companies started to validate the root certifcate by installing the client softwares on the victim pc,

4)No more usage of hubs and unmanaged switches in the modern network

5)Presence of NIDS,NIPS,HIPS,NIPS And even presence of Some anti-virus suits like kasper-sky making our job tough...

I don't know how we can able to over-come the above difficulties and successfully sniff around a secured network,If you got any bypasses for the above security mechanisms please feel free to share here...

3)To be honest i only know sniffing from LAN,I never did sniffing over internet,I don't know how to do that,i am very much interested in understanding about sniffing Network devices over the internet,I am sure it is definitely possible,hope some 1 will link me to some nice articles for understanding this remote sniffing thing...

Hope some one will Answer my queries and guide me in a correct way..

McKittrick

don't forget---what they did on my network years back that i have mentioned before here, proxy ARP. basically, that means the gateway responds to ALL MAC queries. so if you cannot somehow seize that for control and redirect data, you can never use MAC spoofing directly to remote caches, the subnet gateway is taking care of that. and they are usually some 7200 series edge router which can handle CAM floods rather easily

most networks will tell you they don't implement in/egress filtering simply because of the overhead involved, same thing with static ARP mappings

Xin

You cant sniff in networks your not connected to, the internet is a WAN Wide Area Network, and comprised of lots of different servers, you cannot possibly sniff these when you are not connected to them.

The most you can do is when you root a large server in a datacentre, you can sniff the other servers, thats sniffing the large proportion of the internet i suppose.

- Correct me if im wrong

mandi


You cant sniff in networks your not connected to, the internet is a WAN Wide Area Network, and comprised of lots of different servers, you cannot possibly sniff these when you are not connected to them&#46;

The most you can do is when you root a large server in a datacentre, you can sniff the other servers, thats sniffing the large proportion of the internet i suppose&#46;

- Correct me if im wrong

Actually bro,it is possible to do sniffing across internet,Also hacking in to servers and rooting
them wont do much,because when in comes to remote sniffing we need to "bypass" the router,so instead of hacking servers,we can try to hack the router and once we did that it is definitely possible to sniff the traffic,Also after searching a while found out this method ,please look out for this method "remote GRE sniffing attacks"(hope you are way better than me in these stuff),

Also bro can you please tell me where can i find source codes for IOS exploits?
because i can not able to find them in exploit-db and other sites...

Also if you know some other things on this remote sniffing,please share here bro...

Xin

said:
You cant sniff in networks your not connected to, the internet is a WAN Wide Area Network, and comprised of lots of different servers, you cannot possibly sniff these when you are not connected to them&#46;

The most you can do is when you root a large server in a datacentre, you can sniff the other servers, thats sniffing the large proportion of the internet i suppose&#46;

- Correct me if im wrong
Actually bro,it is possible to do sniffing across internet,Also hacking in to servers and rooting
them wont do much,because when in comes to remote sniffing we need to "bypass" the router,so instead of hacking servers,we can try to hack the router and once we did that it is definitely possible to sniff the traffic,Also after searching a while found out this method ,please look out for this method "remote GRE sniffing attacks"(hope you are way better than me in these stuff),

Also bro can you please tell me where can i find source codes for IOS exploits?
because i can not able to find them in exploit-db and other sites...

Also if you know some other things on this remote sniffing,please share here bro...

Thats the same concept of sniffing from a rooted server, you still need to have access to the router to do it though.

Xin

http://www.securitytube.net/Sniffing-Re ... video.aspx Try this

Howdy, Stranger!

Top Posters

Who's Online (1)