4

I understand that if you are typing in sensitive info on a non-SSL site, you can view that info in plain text, or at best hashed, when those packets are captured.

In fact, I've gone as far as to brute force the MD5 hash of a password I entered into a non-encrypted page and was able to retrieve the string of that hash. So, I can understand most of that.

What I cannot find information on is how hackers gain access to these packets in the first place. I know that an insecure Wi-Fi network behaves like a hub, and so with the right tools, you may capture ALL packets in range. But on a wired network, it seems the attacker would have to have control over the router, put a bump on the line, or perform ARP poisoning, DNS exploits, etc. But is there a go-to method? How would a hacker intercept your data from outside of your LAN?

Can someone explain the most common methodologies? Thanks.

Johnnie
  • http://security.stackexchange.com/q/20168/49075 http://security.stackexchange.com/q/58838/49075 – Oct 19 '15 at 21:45

1 Answer

6

You are correct about listening to all broadcasts on a wireless network. In a wired network (modern network with packet switching without hubs), the big threat is Man in the Middle (MitM). This can be done on the local network using Layer 2 MitM attacks like ARP Poisoning, and Layer 3 MitM attacks like HSRP or STP hijacking. The former involves spoofing MAC addresses to inject a malicious computer between your computer and the default gateway, and the latter involves exploiting weakly configured routing/switching protocols to force all network traffic through a hacker's device. On a grand scale, MitM can also be done by hijacking entire WAN segments by broadcasting a more specific BGP segment to neighboring BGP routers, or more covertly by nation states (think NSA) placing sniffers in telecom hubs. The key overall is MitM.

In addition, there are more targeted attacks against a particular network by physically splicing into a network connection using a device like the Throwing Star LAN Tap.

armani
  • Alright, thanks. But to even perform ARP poisoning or any other MitM attack, the attacker would have to have access to your network to begin with, i.e. a cable or by some other means. I guess through social engineering/trojan-type distribution they could remotely hijack a machine in your LAN, then do all of the above. THEN they would have to brute force any hashed/encrypted information. Sounds very unlikely. – Johnnie Oct 19 '15 at 21:50
  • @Johnnie the "by some other means" could be breaking your Wi-Fi password, and then using a program like Wireshark they could just listen to all traffic that goes in and out of your network (including devices that connect to it via Ethernet). – octo-carrot Oct 19 '15 at 22:52
  • Right, but my point is how would it be done in a network that doesn't use Wi-Fi, that has Ethernet MAC whitelists, no free ports available for plugging in on the LAN, etc. I think a trojan downloaded from the net to hijack a computer on the inside would have to be used. It just seems very unlikely unless you are dealing with some kind of agency, then there's no hope. – Johnnie Oct 19 '15 at 23:37
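
The ARP poisoning described in the answer leaves a visible trace on the LAN: the gateway's IP address suddenly maps to a different MAC address, and one MAC starts answering for several IPs. The following detection sketch is an added example, not part of the original question, answer or comments; the sample lines are constructed in the style of `tcpdump -n arp` output, and the function name and the first-seen baseline are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not a real capture).
SAMPLE = """\
12:00:01.100000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28
12:00:02.200000 ARP, Reply 192.168.1.50 is-at 02:00:00:00:00:50, length 28
12:00:09.300000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:66, length 28
12:00:09.400000 ARP, Reply 192.168.1.50 is-at 02:00:00:00:00:66, length 28
12:00:11.500000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:66, length 28
"""

REPLY = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})")

def find_arp_anomalies(text):
    """Return (rebinds, multi_ip): IPs whose MAC changed, MACs claiming >1 IP.

    Assumption: the first binding seen for an IP is the legitimate one.
    DHCP reassignment or gateway failover can also trigger these signals,
    so treat hits as leads to investigate, not as proof of poisoning.
    """
    first_seen = {}                 # ip -> first MAC observed for it
    rebinds = []                    # (timestamp, ip, old_mac, new_mac)
    reported = set()                # (ip, new_mac) pairs already reported
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue                # skip requests and unrelated lines
        ts, ip, mac = m.groups()
        ips_by_mac[mac].add(ip)
        known = first_seen.setdefault(ip, mac)
        if known != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            rebinds.append((ts, ip, known, mac))
    multi_ip = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return rebinds, multi_ip

if __name__ == "__main__":
    rebinds, multi_ip = find_arp_anomalies(SAMPLE)
    for ts, ip, old, new in rebinds:
        print(f"{ts} {ip} moved from {old} to {new}")
    for mac, ips in multi_ip.items():
        print(f"{mac} answers for {', '.join(ips)}")
```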