PASSWORD SNIFFERS
Elbert Hood
SEC 405
Professor Bouaffo J. Kouame, Ph.D.
10/15/2012
Password Sniffers 2 In today society everyone has passwords to get access to their cellphones, programs, home computers, online bill pay, bank accounts and so forth. It is very important that people understand the importance of ensuring that your password is safe. You can consider your password like your combination to your safe. This is where someone would keep their valuables under safe keeping. If someone would to steal your combination, imagine what information or personal possessions they would have access too. This concept also applies to your personal or business passwords. Imagine what information the criminal would have at their fingertips. Password sniffers are able to monitor all traffic on areas of a network. Crackers have installed them on networks used by systems that they especially want to penetrate, like telephone systems and network providers. Password sniffers are programs that simply collect the first 128 or more bytes of each network connection on the network that's being monitored. When a user types in a user name and a password the sniffer collects that information. Additional programs sift through the collected information, pull out the important pieces (e.g., the user names and passwords), and cover up the existence of the sniffers in an automated way. In addition to wired networks, sniffers can also be used in wireless networks. In effect, a wireless network on a corporate LAN is like putting an Ethernet jack in your parking lot. What makes this unique from a hacker's perspective is that sniffing a wireless network is probably not illegal, although it has yet to be tested in court. Sniffers like this are used every day to troubleshoot faulty equipment and monitor network traffic. Hackers can use this or similar tools to peer inside a network. However, they are not out to troubleshoot. Instead, they are out to glean passwords and other gems.
Password Sniffers 3 In addition, email clients and FTP clients do not normally encrypt their passwords; this makes them two of the most commonly sniffed programs on a network. Other commonly used programs such as Telnet, Web browsers, and news programs also send their passwords as plaintext. So, if a hacker successfully installs a sniffer on your network, he would soon have a list of passwords and user names that he could exploit. Illegal usage of sniffer is well known as its damage network security:
1. Catching password, which is the main reason for most illegal uses of sniffing tool.
2. Capturing special and private information of transactions, like username, credit ID, account, and password.
3. Recording email or instant message and resuming its content.
4. Some Sniffers even can modify target computer's information and damage system.
5. Disserving the security of network places or to gain higher level authority. With more and more negative uses of sniffer, it is ridiculous that sniffer is becoming the biggest obstacle to network security at the same time is the most important tool to defense network attacks. This type of computer crime is simple for hackers