The most prevalent type of network in use today is Ethernet. It is used to connect most users within an office and by home users with Digital Subscriber Lines (DSL) and cable modems. A hub is often used to connect systems within each local Ethernet network (segment). A hub is a network device that is used to distribute packets between the systems that are connected to it.
The Ethernet protocol works by using unique numbers, known as Media Access Control (MAC) addresses, to direct packets to their intended recipients. Each network card is assigned a unique number by the manufacturer. This address is then used within the Ethernet network to deliver packets to the correct system. The MAC address that belongs to a given system can be resolved dynamically using protocols such as the Address Resolution Protocol (ARP).
When a system is ready to send a packet, it locates the intended recipient's address and sends the packet to the hub. The hub then takes the packet and sends it to all the other systems connected to it. This model allows for rapid delivery of packets, but it also produces a lot of unwanted traffic, as each system receives each packet. To ease this burden, Ethernet cards filter packets before passing them on to the operating system. This is done by verifying that the incoming packet's target MAC address matches the network card's MAC address.
Most network cards also support a feature known as promiscuous mode. When running in promiscuous mode, the network card does not filter on the MAC address; instead, it passes all packets to the operating system. By placing the network card into promiscuous mode, a malicious user can eavesdrop on other users in the same network segment. Since many protocols pass credentials over the network in clear text or in easily decoded schemes such as Base64 (used by web servers), this poses a serious security threat. Even if the credentials cannot be cracked, other sensitive data may be accessed. For instance, most common e-mail systems use POP, IMAP and SMTP to transfer messages. These protocols transfer messages in clear text. By eavesdropping on a user reading their e-mail, the eavesdropper can also read their mail. All shared-media networks can be compromised in the same fashion, including Token Ring.
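The filtering behaviour described above can be modelled in a few lines. The following is an added example, not part of the original text or of NeXpose: it simulates a hub repeating frames to three network cards and counts how many frames each card hands to its operating system. The MAC addresses, payloads and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = bytes.fromhex("ffffffffffff")

def parse_mac(text: str) -> bytes:
    """Convert '02:00:00:00:00:0a' into its 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II header: 6-byte destination, 6-byte source, 2-byte EtherType."""
    return parse_mac(dst) + parse_mac(src) + ethertype.to_bytes(2, "big") + payload

@dataclass
class Nic:
    mac: str
    promiscuous: bool = False
    delivered: list = field(default_factory=list)  # frames passed to the OS

    def accepts(self, frame: bytes) -> bool:
        if len(frame) < 14:        # shorter than an Ethernet header: drop
            return False
        if self.promiscuous:       # MAC filter disabled: every frame goes up
            return True
        dst = frame[:6]            # simplified filter: own address or broadcast
        return dst == parse_mac(self.mac) or dst == BROADCAST

    def receive(self, frame: bytes) -> None:
        if self.accepts(frame):
            self.delivered.append(frame)

def hub_send(ports: list, sender: Nic, frame: bytes) -> None:
    """A hub repeats each frame to every port except the one it arrived on."""
    for nic in ports:
        if nic is not sender:
            nic.receive(frame)

def simulate(observer_promiscuous: bool) -> dict:
    """Constructed traffic: one broadcast frame, then one unicast frame to bob."""
    alice = Nic("02:00:00:00:00:0a")
    bob = Nic("02:00:00:00:00:0b")
    observer = Nic("02:00:00:00:00:0c", promiscuous=observer_promiscuous)
    ports = [alice, bob, observer]
    hub_send(ports, alice, build_frame("ff:ff:ff:ff:ff:ff", alice.mac, 0x0806, b"who-has"))
    hub_send(ports, alice, build_frame(bob.mac, alice.mac, 0x0800, b"cleartext mail"))
    return {"bob": len(bob.delivered), "observer": len(observer.delivered)}
```

With the filter active the third card sees only the broadcast frame; with promiscuous mode set it also receives the unicast frame addressed to another system, which is why cleartext protocols on a hub-based segment are exposed.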
Sniffers or monitors are freely available tools that enable anyone to eavesdrop in this way. NeXpose includes the Network Monitor that can help you determine just how much data is available to others on your network.