LiveTechCare is an independent provider of tech support services. We offer remote technical support for every type of PC, software and related issues.

There are a couple of different things that can be done to secure against IP address capturing. The first is to have a system in place to catch anyone who is running a protocol analyzer on the network. At first it may seem impractical to catch someone using a protocol analyzer, since a protocol analyzer passively listens to network traffic.

The Bait

The key to catching someone who is using a protocol analyzer is to watch DNS name resolutions. Set up a bait machine on the network. The machine doesn’t really have to do anything other than run Windows. The catch is not to tell anyone of this machine’s existence. Because nobody knows that the machine exists, and the machine isn’t doing anything, nobody should have any reason to communicate with it. Moreover, since the machine is running Windows, it will send out the occasional packet. Generally, the machines on the network will be entirely oblivious to this packet. A protocol analyzer, though, will observe that traffic is coming from an unknown host on the network. The protocol analyzer will then execute a DNS query to try to determine the machine’s identity. Usually, nobody should have any reason to be making DNS queries about the bait machine, so these types of queries are almost always indicative of someone running a protocol analyzer or other hacking tool.
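
The check described above, as an added example that is not from the original article: it scans a DNS query log for forward or reverse lookups of the bait host and groups them by the client that asked. The log format, host name, address and allow-list are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration: the bait host's name and address, and
# hosts that may legitimately resolve it (here, only the bait itself).
BAIT_NAME = "bait01.corp.example"
BAIT_IP = "10.0.5.77"
ALLOWED_CLIENTS = {"10.0.5.77"}

# Constructed sample log, one query per line: time, client IP, type, name.
SAMPLE_LOG = """\
2024-05-01T09:14:02 10.0.5.21 A intranet.corp.example.
2024-05-01T09:14:40 10.0.5.77 A bait01.corp.example.
2024-05-01T09:15:11 10.0.5.143 PTR 77.5.0.10.in-addr.arpa.
2024-05-01T09:15:12 10.0.5.143 PTR 21.5.0.10.in-addr.arpa.
2024-05-01T09:20:55 10.0.5.143 A BAIT01.corp.example.
2024-05-01T09:31:07 10.0.5.60 PTR 77.5.0.10.in-addr.arpa
malformed line
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def bait_names(name, ip):
    """Names that identify the bait: its forward name and its PTR name."""
    return {normalize(name), ipaddress.ip_address(ip).reverse_pointer}

def find_bait_lookups(log_text, watched, allowed):
    """Return {client_ip: [(time, qtype, qname), ...]} for bait lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        when, client, qtype, qname = fields
        if client in allowed:
            continue  # the bait resolving its own name is expected
        if normalize(qname) in watched:
            hits[client].append((when, qtype, normalize(qname)))
    return dict(hits)

if __name__ == "__main__":
    watched = bait_names(BAIT_NAME, BAIT_IP)
    for client, queries in find_bait_lookups(SAMPLE_LOG, watched, ALLOWED_CLIENTS).items():
        print(f"ALERT {client}: {len(queries)} lookup(s) of the bait host")
        for when, qtype, qname in queries:
            print(f"  {when} {qtype} {qname}")
```

Each client reported here is a machine worth examining, since the bait host's name and address were never published to anyone.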

IPSec

Another way to protect the network against these types of attacks is to use IPSec to encrypt network traffic. The difference is that IPSec’s entire job is to secure data flowing across the network. Before a session can even be encrypted, IPSec insists on mutual authentication. This means that if Computer A wants to securely send a packet to Computer B, IPSec requires both machines to prove their identities before it will authorize the session.

IPSec also takes steps to ensure that packets are not tampered with in transit. A hacker can alter much more than a packet’s address, though. For example, imagine that a hacker knows that Computer A is going to send an important e-mail message to Computer B. The hacker might run a denial of service attack against Computer B to stop it from receiving the message. In the meantime, the hacker intercepts the message and changes it to make it appear that the person at Computer A said something totally different from what the original message said. The hacker then ends the denial of service attack against Computer B and sends the modified packets. The outcome is that the person at Computer B receives a fraudulent e-mail message that looks authentic.

IPSec can defend against packet modification. IPSec calculates a checksum value based on the packet’s original contents. If the packet is modified, the checksum value becomes invalid and IPSec knows that the packet has been tampered with. IPSec even defends against replay attacks. Each IPSec packet is assigned a sequence number. If a hacker tries to replay an IPSec encrypted packet, the sequence number will not fit into the existing packet sequence and IPSec will know that the packets are invalid.

Deploying IPSec on the network can greatly improve the network’s security. First, IPSec requires the network to have a certificate server in place. Windows Server 2003 can be configured to work as a certificate authority, but a dedicated server is required. Technically, a dedicated server is not an absolute necessity for a certificate authority, but running any other services on a certificate server is a very bad idea from a security standpoint.

Another thing is that IPSec does put an additional burden on the network. Additional CPU cycles are required to perform the encryption and decryption process, and IPSec encryption generally increases the volume of traffic flowing across the network. One way of lessening this additional burden, though, is to use IPSec-enabled NICs. These NICs offload the encryption and decryption process from the machine’s CPU. One last thing to know about IPSec is that not all operating systems support it.
