7.10 Sniffing Pen Testing

Sniffing Pen Testing

  • Sniffing pen test is used to check if the data transmission from an organization is secure from sniffing and interception attacks.
  • Sniffing pen test helps administrators to:
    • Audit the network traffic for malicious content.
    • Implement security mechanism such as SSL and VPN to secure the network traffic.
    • Identify rogue sniffing application in the network.
    • Discover rogue DHCP and DNS servers in the network.
    • Discover the presence of unauthorized networking devices.
  • Step 1: Perform MAC flooding attack
    • Perform MAC flooding attack using tools such as Yersinia and macof.
  • Step 2: Perform DHCP Starvation Attack
    • Perform DHCP starvation attack using tools such as Dhcpstarv and Yersinia.
  • Step 3: Perform Rogue Server Attack
    • Perform rogue server attack by running rogue DHCP server in the network and responding to DHCP requests with bogus IP addresses.
  • Step 4: Perform ARP Poisoning
    • Perform ARP poisoning using tools, such as Cain & Abel, WinArpAttacker, Ufasoft Snif, etc.
  • Step 5: Perform MAC Spoofing
    • Perform MAC spoofing using tools such as SMAC.
  • Step 6: Perform IRDP Spoofing
    • Perform IRDP spoofing by sending spoofed IRDP router advertisement messages.
  • Step 7: Perform DNS Spoofing
    • Perform DNS spoofing using techniques such as arpspoof/dnsspoof.
  • Step 8: Perform Cache Poisoning
    • Perform cache poisoning by sending Trojan to the victim's machine that changes proxy server settings in IE to that of attackers, thus redirecting to fake website.
  • Step 9: Perform Proxy Server DNS Poisoning
    • Perform proxy server DNS poisoning by running rogue DNS.
  • Step 10: Document all the Findings

results matching ""

    No results matching ""