• Images
• Videos
• Documents
• Books
• Articles

General

Sniffing attacks can be compared to tapping of phone wires and get to know about the conversation, and for this reason, it is also referred as wiretapping applied to computer networks. Using sniffing tools, attackers can sniff sensitive information from a network, including email (SMTP, POP, IMAP), web (HTTP), FTP (Telnet authentication, FTP Passwords, SMB, NFS) and many more types of network traffic. The packet sniffer usually sniffs the network data without making any modifications in the network's packets. Packet sniffers can just watch, display, and log the traffic, and this information can be accessed by the attacker.³

Prevention

To prevent networks from sniffing attacks, organizations and individual users should keep away from applications that are using insecure protocols, like basic HTTP authentication, File Transfer Protocol (FTP), and Telnet. Instead, secure protocols such as HTTPS, Secure File Transfer Protocol (SFTP), and Secure Shell (SSH) should be preferred. In case there is a necessity for using any insecure protocol in any application, all the data transmission should be encrypted. If required, VPN (Virtual Private Networks) can be used to provide secure access to users.⁴

See also

• Cloud computing security
• Cyber security standards
• Data loss prevention software
• Network Security Toolkit
• Wireless security

References

1. "Types of attacks - Sniffer Attack". Omnisecu.com. OmniSecu. Retrieved 11 September 2017. http://www.omnisecu.com/security/sniffer-attack.php ↩

2. "Common Types of Network Attacks". Technet.microsoft.com. Microsoft. 18 July 2012. Retrieved 11 September 2017. https://technet.microsoft.com/en-us/library/cc959354.aspx ↩

3. "Packet sniffing". Colasoft.com. Colasoft. Retrieved 11 September 2017. http://www.colasoft.com/resources/packet_sniffing.php ↩

4. "What is a Wireless Sniffer?". Veracode.com. Veracode. Retrieved 11 September 2017. https://www.veracode.com/security/wireless-sniffer ↩