Understanding Ethernet Access Devices: Key Security Threats and Packet Capture Techniques

Ethernet access devices generally come in two types: wired (cable) or WiFi. Either way, you can capture their packets through the LAN, through WiFi bridging on a laptop, or by other methods. The best-known packet capture software is Wireshark. Capturing the network packets of a hardware device relies on basic networking skills; look those up with a search engine on your own.

Basic preparations:
1. Have Wireshark watch UDP port 53. Some hardware devices connect to the server by domain name, which has to be resolved before the connection is made, usually over UDP port 53; TCP port 53 is rarely used.
2. Through bridging or some other method, make sure every packet from the hardware device has to pass through the local machine. Run Wireshark with no filter and pick the relevant information out of the captured packets.
3. Without any tools at all, check the DHCP, DNS, HTTP and related records in the router's management interface.

The following are common methods of evaluating the security of IoT systems (!!! Please do not engage in malicious activities; I will not bear any consequences !!!).

1. DDoS Attack
Whatever else happens, capturing packets will certainly yield the server's address and port. Most devices use only one; a few use one for authentication and another for communication. Various methods can then be used against this server. A single server generally needs only three to five high-performance, high-bandwidth computers to achieve partial or complete blockage. For security evaluation purposes, the Super Code God network debugging tool can open 10,000 to 50,000 connections and continuously send billions of packets.
Super Code God Tool XCoder (Download & Guide): http://www.newlifex.com/showtopic-260.aspx
DDoS attacks produce the simplest effects because devices usually have the server address fixed. By continuously establishing connections and sending data, server resources can be exhausted quickly. Moreover, most IoT cloud platforms are very fragile: under such illegal data attacks they can be pushed to their CPU, memory and bandwidth limits while generating a large number of error logs that eat up disk space. Every hardware device fixed to point at that server will then be unable to use its network functions.
Prevention method: ensure cloud platform security by dynamically allocating the servers that devices connect to.

2. Replay Attack
Power the device on and off repeatedly and observe how the packets change. If the packets obtained from several power cycles are identical, the conditions for a replay attack are fully met. Then simply copy the packet content as hexadecimal characters and use a tool to send a massive number of requests to the corresponding server port. For security evaluation purposes, the Super Code God tool provides this capability. The main advantage of replay attacks is that no firewall stops them: the packets sent are all legitimate, so a firewall has to let them through!
Prevention method: the communication protocol must support sequence numbers or random numbers (nonces); the same command sent repeatedly must produce different packet content each time. The New Life standard network protocol supports protection against replay attacks.
New Life Team Standard Network Packet Protocol: http://www.newlifex.com/showtopic-1550.aspx

3. Business Data Interference
Hardware generally exchanges three kinds of communication instructions with the server: login verification, heartbeat, and business data transmission. Currently about 90% of networked devices produced by small domestic companies lack login verification, which opens the door to business data interference attacks. These small companies have little experience in internet system development; most transitioned from serial-port device control, are familiar with Modbus (which has no verification), and simply pass business data straight through, with neither verification nor heartbeat. Many companies lack the capability to develop a networking communication module themselves and buy modules from other, smaller companies, the most common being serial passthrough modules. And module vendors, to keep the module simple to use and broadly compatible, avoid implementing verification. If, upon packet capture, multiple packets are completely identical except for changes in the local data, they are very likely direct passthrough data. At this point a security evaluator can not only decode the data coming from the device but also forge data and send it to the server.
Prevention method: the communication protocol must be encrypted, with strict identity verification; the cloud platform needs to verify whether the requester is a legitimate device.

4. WiFi Attack
In recent years WiFi has been very popular in smart hardware. WiFi modules typically have three usage scenarios:
1. The module itself provides some IO ports for simple on/off control; module manufacturers usually publish the control protocol.
2. Serial passthrough: whatever the microcontroller sends to the module over the serial port, the module forwards to the corresponding cloud platform, and data issued by the cloud platform can likewise be received over the serial port.
3. On-chip SoC development with a custom protocol.
Clearly 1 and 2 are simple and easy to use, but precisely for that reason their communication protocols lack encryption and device identity verification. Currently 99% of the modules on the market are like this, including the popular ESP8266. So far no WiFi module that implements a security process has been sighted.

5. Zigbee Attack
Zigbee claims to be secure, but after entering the domestic market every manufacturer modifies the Zigbee protocol or adds different passwords to create business barriers. Zigbee modules are similar to WiFi ones: scenarios 1 and 2 are likewise very easy to attack. No matter how secure the Zigbee protocol itself is, the communication passwords of all Zigbee modules produced by the same manufacturer are identical unless a customer requests otherwise. Meaning: if a security evaluator wants to attack a Zigbee device or gateway, they only need to buy a module from the same Zigbee module manufacturer.

6. RF Attack
RF devices typically operate at 433 MHz or 315 MHz. As the core wireless technology of the first generation of smart homes, they can only transmit a few bits of data, with no encryption and no capability for encryption. The common attack method is to build a receiver in that frequency band to listen for control signals over the air and then simply replay them to achieve the same control effect.
Prevention method: car keys solve this problem with rolling codes.

End.
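The first basic preparation above is to watch UDP port 53 for the domain name the device resolves before it connects. The following is an added example, not code from the original post or from the NewLife/Super Code God tools: a small DNS message parser in Python that pulls the queried names and the answered IPv4 addresses out of captured DNS payloads (the bytes Wireshark shows as the UDP payload), following RFC 1035 label compression pointers. The sample query and response bytes, the name iot.example.com and the address 192.0.2.10 are constructed for the example.

```python
"""Added example: extract queried names and A-record answers from captured DNS payloads."""
from __future__ import annotations

import struct
from dataclasses import dataclass, field

DNS_HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount
RR_FIXED = struct.Struct("!HHIH")      # type, class, ttl, rdlength


@dataclass
class DnsSummary:
    is_response: bool = False
    query_names: list[str] = field(default_factory=list)
    a_records: list[tuple[str, str]] = field(default_factory=list)  # (name, dotted IPv4)


def _read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Read a DNS name at `offset`, following compression pointers (0xC0xx).
    Returns (name, offset just past the name as it was encoded at the original position)."""
    labels: list[str] = []
    end = offset
    jumped = False
    hops = 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # pointer to an earlier occurrence of the name
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = ((length & 0x3F) << 8) | msg[offset + 1]
            if not jumped:
                end = offset + 2  # the pointer is the last thing at the original position
            jumped = True
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_dns(msg: bytes) -> DnsSummary:
    """Parse the question section and any A answers of one DNS message."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("short header")
    _id, flags, qd, an, _ns, _ar = DNS_HEADER.unpack_from(msg, 0)
    out = DnsSummary(is_response=bool(flags & 0x8000))
    off = DNS_HEADER.size
    for _ in range(qd):
        name, off = _read_name(msg, off)
        off += 4  # QTYPE + QCLASS
        out.query_names.append(name)
    for _ in range(an):
        name, off = _read_name(msg, off)
        if off + RR_FIXED.size > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = RR_FIXED.unpack_from(msg, off)
        off += RR_FIXED.size
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and len(rdata) == 4:  # A record, class IN
            out.a_records.append((name, ".".join(str(b) for b in rdata)))
    return out


def server_candidates(messages: list[bytes]) -> dict[str, set[str]]:
    """Aggregate name -> addresses over many captured payloads; non-DNS or truncated input is skipped."""
    found: dict[str, set[str]] = {}
    for m in messages:
        try:
            summary = parse_dns(m)
        except (ValueError, struct.error, UnicodeDecodeError):
            continue
        for name, ip in summary.a_records:
            found.setdefault(name, set()).add(ip)
    return found


# Constructed sample payloads: a query for iot.example.com and its response (192.0.2.10, TTL 300).
QUESTION = b"\x03iot\x07example\x03com\x00" + b"\x00\x01\x00\x01"
SAMPLE_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + QUESTION
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + QUESTION
    + b"\xc0\x0c" + b"\x00\x01\x00\x01" + b"\x00\x00\x01\x2c" + b"\x00\x04" + b"\xc0\x00\x02\x0a"
)

if __name__ == "__main__":
    print(server_candidates([SAMPLE_QUERY, SAMPLE_RESPONSE]))
```

The result tells you which hostnames the device resolves and which addresses it was given, which is the information the DDoS section says a capture always yields; from the defender's side the same list is your inventory of endpoints to protect and to rotate.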
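Sections 2 and 3 above give the same two prevention rules: repeated commands must not produce identical packets, and the cloud platform must verify that a frame really comes from a legitimate device. The following is an added example in Python, not the NewLife standard protocol or any code from the original post: a device-side frame builder that puts a strictly increasing sequence number under a per-device HMAC-SHA256 tag, and a server-side verifier that rejects unknown devices, forged or tampered frames, and replays. It also includes the page's own test for the replay condition (identical frames across power cycles). The header layout, the 16-byte truncated tag, the device id 7 and the key are assumptions made for the example.

```python
"""Added example: authenticated, replay-resistant device frames and the server-side check."""
from __future__ import annotations

import hashlib
import hmac
import struct

HEADER = struct.Struct("!IIH")  # device_id, sequence number, payload length (assumed layout)
MAC_LEN = 16                    # truncated HMAC-SHA256 tag (assumed length)


def looks_replayable(captures: list[bytes]) -> bool:
    """The page's test: frames captured across several power cycles that are byte-for-byte
    identical can simply be resent, so the protocol has no sequence number or nonce."""
    return len(captures) > 1 and all(c == captures[0] for c in captures)


def build_frame(device_id: int, seq: int, payload: bytes, key: bytes) -> bytes:
    """Device side. `seq` must strictly increase and be persisted across power cycles;
    a device that restarts from 0 after a reboot is rejected by the server as a replay."""
    header = HEADER.pack(device_id, seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


class FrameVerifier:
    """Server side: identity via the per-device key, freshness via the sequence number."""

    def __init__(self, device_keys: dict[int, bytes]):
        self.device_keys = device_keys
        self.last_seq: dict[int, int] = {}

    def accept(self, frame: bytes) -> tuple[bool, str]:
        if len(frame) < HEADER.size + MAC_LEN:
            return False, "too short"
        device_id, seq, plen = HEADER.unpack_from(frame, 0)
        if len(frame) != HEADER.size + plen + MAC_LEN:
            return False, "length mismatch"
        key = self.device_keys.get(device_id)
        if key is None:
            return False, "unknown device"
        body, tag = frame[:HEADER.size + plen], frame[HEADER.size + plen:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
        # Constant-time compare, and checked before the sequence number so that a
        # forged frame can never advance the device's counter.
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"
        if seq <= self.last_seq.get(device_id, -1):
            return False, "replay"
        self.last_seq[device_id] = seq
        return True, "ok"


if __name__ == "__main__":
    key = b"constructed-per-device-key"
    verifier = FrameVerifier({7: key})
    first = build_frame(7, 1, b"temp=21.5", key)
    print(verifier.accept(first))   # (True, 'ok')
    print(verifier.accept(first))   # (False, 'replay')
    second = build_frame(7, 2, b"temp=21.5", key)
    print(looks_replayable([first, second]))  # False: same command, different bytes
```

Two design notes. The verifier tracks only the highest accepted sequence number per device, so frames arriving out of order are dropped; a protocol over lossy links would keep a sliding window instead, but the replay property is the same. And the check is only as strong as key management: every device needs its own key, since the Zigbee section shows what happens when a whole product line shares one secret.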