[WEB4LIB] packet sniffing by the unauthorized

HIS his at virtuallibrarian.com
Wed Jan 26 10:28:32 EST 2000


Hello.

Which side of the firewall your person is scanning from will
determine how you go about finding out who is penetrating your network.

You need to determine who the offender is by examining their incoming IP
address.  Check out several of the Intrusion Detection software packages to
find out who and what.  Back Officer Friendly is cheap and extremely
useful. http://www.nfr.net/products/bof/  There is also BlackIce by Network
Ice.  Also cheap and winning awards for its prolific design and
usefulness.  http://www.netice.com/Products/DEFAULT.HTM

It's up to you what you do with the student once you catch them.  I'm for
public dunking.  You should take this very seriously, and not stall on
action.  The damage that can be done by this individual can be catastrophic
if they get enough passwords, or the right passwords (administrators,
network administrators, etc.)

I hope that helps. If I can be of further assistance, feel free to contact
me directly.  I have some experience in these matters, and with this
software.  Computer Crime and Network Security are my subject specialty.


Cynthia Hetherington, MLS
Senior Technology Librarian
Englewood, NJ
201-568-2215 x230

At 06:29 AM 1/26/2000 -0800, John West wrote:
>Our college's computing department is concerned that someone on campus has
>been using packet sniffing software to determine other people's passwords.
>This may not have been done maliciously, but just because it can be done.
>However, we have a network policy that is explicit about doing such things.
> Unfortunately, like driving through traffic lights and stop signs, unless
>there is someone in the way or a police officer sees the offense, there is
>little that we are able to do to detect this.
>
>Have any of you had to deal with this problem and if so, how have you done
>so?  Is there a hardware/software solution to making this activity harder
>to do?  Is there any way to find out if someone is doing this on the network
>and can the offender be pinpointed in some way?
>
>I am sending this to several lists, so I apologize for any duplication.
>Please email me directly, jwest at austinc.edu.
>
>Thanks,
>
>
>
>John R. West             "always the beautiful
>Assoc. College Librarian/ answer who asks a 
>Systems Administrator     more beautiful 
>Abell Library Center      question..." 
>Austin College              Edward Estlin Cummings
>900 N. Grand Avenue       "If they can get you to 
>Sherman, TX  75090-4440   ask the wrong questions
>phone: 903-813-2536       then they don't need to
>fax: 903-813-2297         worry about the answers."
>e-mail:jwest at austinc.edu     Thomas Pynchon
>
>
>
>

