Packet Sniffing

Overview

Packet sniffing is the technique which can be used for intercepting and viewing communications between users and websites. This gives the attacker access to any data sent between the user and website. By utilising the data the attacker may be able to defraud the user, and take control of the user’s account.

What makes a site vulnerable?

Sites are vulnerable to packet sniffing if they communicate with users using unencrypted data (HTTP requests, email, etc.). An attacker may be able to intercept and view the data in transit between the user and website.

Impact of the attack

The attack potentially allows the attacker to discover any information sent between the user and the website. This may include usernames and passwords, credit card information, session ids, etc. This could be used to take control of the user’s account, and to defraud the user. 

Preventing the attack

Packet sniffing attacks can be prevented masking the ‘scent’ of the data via encryption. This can be done using SSL, as well as various encryption services for other forms of communication such as email. Note that it is important to disable entirely the insecure forms of communication, or else an attacker may be able to trick a user into connecting to the site without establishing the encrypted connection (e.g. linking to the site via http rather than https).