Packet Sniffing Prevention

Blocking a Wireless Sniffer-Public Connection

• Disable the automatic connection feature in wireless settings
• Configure a firewall that is automatically installed with Window updates. Enhance the strength of the firewall and increase security settings to “block all incoming connections”
• Confirm the public network’s home page includes a privacy policy. (Networks that use encryption to protect other users from accessing files on the computer will come complete with a privacy policy. Networks that don’t have a privacy statement on the home page do not use encryption.)
• Use sites with ‘https’ at the beginning of the URL instead of ‘http’. The ‘s’ = security

Tips to Defend against Sniffing

• Restrict the physical access to the network media to ensure that a packet sniffer is not able to be installed
• Use encryption to protect confidential information
• Permanetly add MAC address to the gateway to the ARP cache
• Use static IP and static ARP table –prevents attackers from adding the spoofed ARP entries
• Turn off network identification broadcast and restrict the network to authorized users
• Use IPv6 instead of IPv4
• Use encrypted sessions like: SSh, SCP, SSL
• Use security :PGP and S/Mipe, VPN, IPsec, TLS and OTP

Packet Sniffing Prevention

• Best way – Use Encryption
• Secure Socket Layer –encapsulates data with help of original certificates and digital signatures
• IP Security- adds security at packet level. (each packet has a header is encrypted which contains the major information like addresses)
• PGP and MIME: Commonly used Email services. As emails are stored for extended periods, it is best to use them so emails don’t end up in wrong mailboxes.
• VPN (Virtual Private Network – provide encrypted data across the Internet. They are more secure, but if hacked the data may be seen even before encryption.

Anti-Sniffing Tools

• Scan networks to determine if any NICs are running a promiscuous mode
• Run tools regularly
• They act as an alarm triggered by evidence of a sniffer

Crime - Three International Hackers Indicted for “Sniffing” Payment Card Numbers - 5/14/2008

• Hacked electronic cash registers of US restaurant Dave and Busters (D&B) between May and August of 2007
• Stole credit and debit card numbers
• Cost of New York store at least $600,000 and 5,000 credit/debit card numbers stolen
• Illegal accessed 11 national chain servers by installing packet sniffers at each location
• The sniffers “vacuumed up Track 2 data from credit card magstripes as it traveled from the restaurants servers to D&B’s headquarters in Dallas, TX.”
• Track 2 data comprises only the credit/debit card’s numbers, expiration date and security code.
• Names or other personally identifiable information like social security number or bank account numbers were revealed.
• Ken Pappas, security strategist at Top Layer Networks, states the breaches occur as retailers fail to encrypt the card data at the point of the swipe.
• Pappas stated companies don’t encrypt card number sent from cash registers until they reach a centralized location, headquarters. At headquarters they are encrypted and sent to third party for verification. Recommendation: invest in point of swipe encryption.

Sources http://www.ehow.com/how_7354230_block-wireless -sniffer.html

http://luizfirmino.blogspot.com/2011/09/how-tdefen-against-sniffing.hmtl

http:// www.symantec.com/connect/articles/sniffers-what-they-are-and-how-protect-yourself

http://www.securitymanagement.com/news/three-international-hackers-indicted-sniffing-p…