I have some questions for which i am struggling to find answers,

1)I am sure most of guys knows what is an Reflective ddos and ip spoofing,I am wondering why ISP's(As far as i know )are not enabling
ingress and egress filtering on their border routers to prevent these kind of attacks originating from their network?

Because when i tested from my ISP for sending forged ip pakcets,i can able to send across my ISP network,i don't know why most ISP's does not care about these...

2)I am tired of reading tutorials on sniffing,because i personally believe the tools,tutorials we are using for sniffing is out-dated,now network security is very high these days,

they are having the following
i)arp-watches to watch deviations in mac tables of the switch or routers..

ii)modern cisco router's and switches(which are very hard to flood)

iii)Also nowadays ssl stripping is almost impossible as the companies started to validate the root certifcate by installing the client softwares on the victim pc,

iv)No more usage of hubs and unmanaged switches in the modern network

v)Presence of NIDS,NIPS,HIPS,NIPS And even presence of Some anti-virus suits like kasper-sky making our job tough...

I don't know how we can able to over-come the above difficulties and successfully sniff around a secured network,If you got any bypasses for the above security mechanisms please feel free to share here...

3)To be honest i only know sniffing from LAN,I never did sniffing over internet,I don't know how to do that,i am very much interested in understanding about sniffing Network devices over the internet,I am sure it is definitely possible,hope some 1 will link me to some nice articles for understanding this remote sniffing thing...


Hope some one will Answer my queries and guide me in a correct way..

I'd considered writing a detailed reply here, but due to time, will have to let it wait until later.  That said, though, manoj9372, I've personally been in MANY a Fortune 500 or larger account, in recent past, where many of the flaws which you're saying shouldn't be present, are, and are easily reachable / exploitable.

Fact is, although you'll have good security folks in many of these companies, too often they have too many responsibilities and systems to maintain, and they overlook or simply don't account for the obvious.  That's exactly why PCI DSS and others REQUIRE pentests and audits, to be able to help folks see what they've missed, and remediate.

Thanks for your reply sir,

If possible can you tell me what kind of issues will be created if our ISP enables ingress and egress filtering on their border routers?

If possible please link me to such documents ...


I want to ask u 1 thing sir,

tell me from you from experience sir,don't the corporates have arp watches installed on the network to monitor deviations in the mac table?

Because even we clone the mac address,it will result in causing a deviation on the mac table of the switch/router

am i right or wrong?

Also Tell me from your experience dont the IDS(i.e any HIDS.NIDS) on the networks was euipped with such a signature or pattern?

i know signatures are there,but i want to know they are actually being implemented by companys?

Also you said "There are some other things you can try. Just because things have patches available doesn't mean that they've been patched."

can you tell  them please, Atleast in a glance or in short so that i can try to research them on my free-time..

Also sir i am not looking at sniffing some ordinary network like school,college and some wifi,i am willing to try sniffing on a secured network,If my target was a low profile network,I am happy with the olden techniques,That is why i am asking here,if possible suggest me some ideas sir..



Thank you sir,

But i would like to have a brief explanation sir,Because i am looking forward to understand the things in detail,if possible reply here on your free time or when-ever possible,but if you would reply i will be glad


I think you didn't got my question correctly sir,

Assume like this you had installed a vpn client on your pc,when you click connect it will connect to the vpn server automatically ,Also in those scene i think you won't need to click some confirmation certificates,because it will be done automatically inside the client,Also sir besides sniffing a browser based ssl traffic,have you sniffed a ssl vpn traffic?

if yes i would like to have a bit of information from your experience...


You are correct here sir,but most IDS,IPS in networks don't have a signature to detect a sniffing?
just wondering,




hmmm i know about sniffing from LAN sir,in LAN sniffing we just change the mac address to the  mac address of the default gateway,And as we are on the same sub-net the switch/router's traffic pass through as and reaches the victim,but how is this possible over internet?

I don't know how it is done,if possible please link me to a tutorial on SNIFFING OVER INTERNET,...

Also believe it or not,i had seen guys who can strip the IP-SEC traffic passing between the Networks and they are decrypting the traffic pass through them and pass them with out breaking the encryption,But All i can do is only amaze,but i don't have any ideas about how they managed to do it,Because as far as i know IPSEC has verification headers...
but i don't know their logic....

This is also one of the reason that makes me much more interested in thinking about the modern sniffing methods..

hope i will find some help here


[/code][/code]

All the "sir"s makes reading your replies very difficult, but I will throw out some things for you to think about.

1) Because newer/better technology exists, that doesn't mean it is being used.  The larger the corporation, the cheaper they become.  Large corporations are focused on the bottom line.  So if old technology still functions, the people calling the shots often believe there is no reason to upgrade.  At a previous employer (of 6 years), I only recall one upgrade to the network which resulted from some legal issues.

2) Because newer/better technology is in place, that doesn't mean it has been configured properly.  I'm sure everyone has their stories of software/network appliances that was left with default configurations and (could have) allowed an attacker (pentester or malicious) to just skate past it.  An admin may not be familiar with the equipment or software.  They might just not know better or they just trust the default settings to be the "best" option.

3) Generally, there are exceptions to rules.  At previous employers, I have seen management use "their discretion" to disregard company policies.  Just an example, Manager Larry tells Admin Bob to add his personal laptop to the company network (generally a "no no").  I know this indirectly applies to your OP, but you cannot discount the human element.  

4) As hayabusa said, IT/SystemAdmins are usually very busy managing multiple systems.  Actively checking logs and monitoring systems generally is a luxury.

Those are a few things I could think of to address your concerns in your original post.  Definitely, there is some really cool technology available, but for various reason I doubt you will see it (all) applied.  You could always run a port scan on your internet facing IP not only to see what is open, but also to see if your ISP filters the traffic or send you any kind of communique.  

For sure.  Depending on the industry SIEM is not only recommended but required.  Then again, configurations and those receiving the alerts could come into play.