Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Features

Network Admins And Hackers: Using The Same Tools And Methods

The scary thing for the common user is that all of the tools named above are readily available for free download - ping and arp are even standard tools in Windows. And some more automated tools, such as NetScanTools Professional, are available for purchase. To give you a taste of what's in store if the hacker has that tool, look at the screenshot below.

Network Admins And Hackers: Using The Same Tools And Methods

This toolset permits very incisive targeting by hackers, as there is a good level of inter-tool automation. That is, you can get a list of results from a net scanner, and with a right-click, get a submenu with available options for the results that you have gleaned. Thus you can very quickly and easily check a network and its attached hardware for flaws.

NetScanTools was primarily designed for the network administrator, but there is no escaping the fact that the hacker and administrator share the same toolsets.

Fatal Flaws In The SSL Secured World

I feel that a little more explanation is required about the shortcomings of SSL, especially due to its being portrayed as a panacea for Internet security. The first point to note is that SSL cannot defend you against PC desktop threats such as key loggers and screen scrapers. This is because SSL is a protocol that operates between your browser and the site server to which you are connected. Whatever you do to 'put' the information into your browser page is not protected by SSL.

For example, if you are entering your username and password into a login box, as described above, SSL does not secure you against a key logger extracting this username and password and using it to log in on a different machine. SSL doesn't even come into play until after the username and password have been entered and the browser sends the HTTP request.

SSL comes in different flavors, where the most desirable is the one where both server and client (that's you) have a certificate loaded on your respective computers. This is not very practical in many cases, because it requires you to have a copy of that certificate on any PC that you may use to connect to the site in question. Many sites do not use that policy, and in that there is a flaw.

In the former scenario, the site's own server software can authenticate that the SSL 'tunnel' starts at the site's server and terminates on your computer. Without that, we have the possibility of our previously mentioned attack known as the Man in the Middle. You can say that ARP spoofing, as described above, is a form of MITM, but the term is really reserved for situations where security protocols are being used.

MITM is an umbrella term for all kinds of hacking that involve intermediate proxies. The hacker can disrupt packets or flood a server with traffic. He can alter the contents of packets so that client side checks are circumvented, thus exposing server side software to unexpected and possibly unhandled exceptions that cause application or server crashes. This can result in the hacker stealing information and hijacking user sessions to banks and wealth management accounts.

So how can this happen?

Assume that the previous ARP attack is in place, and your associate is connecting to his bank using SSL. Your associate requests the link to his bank, which is received at your computer. You intercept the request and allow it to pass on to the bank. Now the bank's server initiates an SSL connection destined for your associate. You again intercept the traffic from the bank and terminate the SSL connection on your computer. You then separately initiate your own SSL connection to your associate.

At this point he will receive a notification that there is a difference between the SSL details received, and certified details for the bank.

Of course, you have stopped the real bank's certificate on your computer. Your associate gets the bank's actual page, but its details will not match the manufactured certificate that you have forwarded to your associate, so he will get a dialog box on the screen highlighting the anomaly. Most people ignore this prompt, however, and simply click YES to proceed. Big mistake!!!

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I am using DoH on my RT-AC68 with NextDNS and it works GREAT. I was wondering when it will be natively supported?
This is FlexQoS, a fork of the original, groundbreaking FreshJR_QOS script written by @FreshJR.FlexQoS provides a fully customizable Adaptive QoS expe...
Hi all,I would like to finally upgrade to ax network and here's my current setup:Optical modem -cat6-> Asus RT-AC88u (dual band AC1000 + 2167Mbps on g...
I have an rt-ac 3100. I need a deterrent to non-authorized devices using both wifi and ethernet. I know there is a wifi mac filter whitelist which wou...
It's been almost 2 years since I stopped regularly reviewing products. So regular readers of SmallNetBuilder have had plenty of time to develop other ...

Don't Miss These

  • 1
  • 2
  • 3