Security Basics mailing list archives
RE: A Solution for sniffing
From: "Janssen, Steph" <s.janssen () ictk wegener nl>
Date: Fri, 20 Dec 2002 12:19:17 +0100
I'm afraid it only brings a small amount of safety. Also the Promiscous part is getting a bit different. Nowadays most people who sniff, sniff using tools that poison your arp-cache, in your switches. http://ettercap.sourceforge.net/ is a good example of these foul tools. They are to easy to use too. My hobby is lanparties, and I've seen many kids visiting using it. They don't understand a bit of what they're doing, but hey, it delevers them passwords. This makes the machine sniffing you the machine in the middle, and would it detect an ssh-connection, it wil "put you through" like a receptionist, that way maintaining two sessions. One with you, and one with the server you think you are directly connected with. There are quite some tools that are capable of detecting such things (for instance the sniffer named above), but the safest thing to do against this, is configuring your switches and such in a way you can only change your mac-adress once or twice a day. Mac-adres poisoning is done by telling switches and machines constantly you are those macs. If you locked your switches to a mac a day per port, you would loose your connection on a sniffer attempt, and that would be all you could do! :) So, the days that just ssh, or a switched network would help you out are over. I'm still waiting for good remedies, and descent anti-material, or detection for it... Though snort (http://www.snort.org/) and such tools can often easily detect the event, it's still a problem. Detection doesn't solve anything, and tracing cables and ports in switches isn't a fun and quick thing neither... Kind regards, Steph Janssen -----Oorspronkelijk bericht----- Van: Peter Letford [mailto:peter () letford co uk] Verzonden: woensdag 18 december 2002 18:31 Aan: security-basics () securityfocus com Onderwerp: Re: A Solution for sniffing Not sure but somebody else may have said this. You could employ an IP level encryption using IPSec or tunnel your data through SSH to another machine that they aren't going to be sniffing and then to the internet? Then atleast whilst you try and solve who's sniffing your packets, you will be secure Peter ----- Original Message ----- From: <fadi () lebrocks com> To: <security-basics () securityfocus com> Sent: Tuesday, December 17, 2002 10:40 AM Subject: A Solution for sniffing
Hello Folks, I think i am being sniffed by somone on my network, and i was wondering.
is
there an application to check wether i am being sniffed or not, and if i was, how can i fix that ?(like PGP for mail, what about other protocols) P.S. : Running Linux Slackware 8.1 (if that would help) cheers, Fadi R. Khouja
Current thread:
- Re: A Solution for sniffing, (continued)
- Re: A Solution for sniffing brien mac (Dec 18)
- RE: A Solution for sniffing herakel (Dec 18)
- RE: A Solution for sniffing Bruce.Orcutt (Dec 19)
- Re: A Solution for sniffing Shanon (Dec 20)
- RE: A Solution for sniffing wbjw (Dec 19)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Jason Kohles (Dec 20)
- RE: A Solution for sniffing Jose Avila III (Dec 20)
- RE: A Solution for sniffing Anthony, Shayla (Dec 20)
- RE: A Solution for sniffing Chris Berry (Dec 20)
- RE: A Solution for sniffing Konrad Rzeszutek (Dec 20)
- RE: A Solution for sniffing Janssen, Steph (Dec 20)
- Re: A Solution for sniffing David (Dec 23)
- RE: A Solution for sniffing Chris Berry (Dec 20)
- RE: A Solution for sniffing Hay, Brennan (Contractor) (Dec 23)
- Re: A Solution for sniffing David Verty (Dec 23)