[WEB4LIB] Re: packet sniffing by the unauthorized

HIS his at virtuallibrarian.com
Wed Jan 26 15:19:45 EST 2000


Eric.

I disagree, but only because I think we're talking semantics here.

Sniffers are professionally used by administrators to manage network
traffic.  The one I am most familiar with and have had training on is Cybercop
by Network Associates.  A tool like NA's Sniffer program can capture all
traffic including encrypted strings.  (No, it doesn't unencrypt, but simple
freeware password encryption programs can open them up in minutes).

Snooping and Trolling are takeoffs of protocol analyzing.  It's all still
the same program essentially though.  The most recent famous network
analyzer that was causing quite a stir (because it initiated as a Trojan)
was Back Orifice.  It's excellent in capable hands and a nuisance in
capable bad-guy hands.

If you have something like Back Officer Friendly on your computer, you can
detect when you're being probed.  Grab your log files for that day and start
the IP hunt.  Not that difficult if you have access to the logs, etc.

You can also try Antisniff.  http://www.l0pht.com/antisniff/

I think we're sending out different answers because we don't really know
the network setup.  What kind of routers, hubs, OS, etc.  Different tools
for different toys.

Regards,
Cynthia Hetherington
Senior Technology Librarian
Englewood, NJ


At 08:44 AM 1/26/2000 -0800, Eric Hellman wrote:
>I think Cynthia is confusing sniffing for snooping and trolling.
>
>Packet sniffing is undetectable unless you have access to the machine 
>doing the sniffing. This is why you should never send critical 
>passwords in the clear. For example, mail servers should always be 
>set to "require APOP authentication".
>
>There are many good reasons people might have for packet sniffing. 
>Debugging networks requires it; defense against hackers is another. 
>All fire walls do packet sniffing.
>
>Eric
>
>
>At 7:29 AM -0800 1/26/00, HIS wrote:
>>Hello.
>>
>>Depending on which side of the firewall your person is scanning from will
>>result in how you go about finding out who is penetrating your network.
>>
>>You need to determine who the offender is by examining their incoming IP
>>address.  Check out several of the Intrusion Detection software packages to
>>find out who and what.  Back Officer Friendly is cheap and extremely
>>useful. http://www.nfr.net/products/bof/  There is also BlackIce by Network
>>Ice.  Also cheap and winning awards for its prolific design and
>>usefulness.  http://www.netice.com/Products/DEFAULT.HTM
>>
>>It's up to you what you do with the student once you catch them.  I'm for
>>public dunking.  You should take this very seriously, and not stall on
>>action.  The damage that can be done by this individual can be catastrophic
>>if they get enough passwords, or the right passwords (administrators,
>>network administrators, etc.)
>>
>>I hope that helps, if I can be of further assistance feel free to contact
>>me directly.  I have some experience in these matters, and with this
>>software.  Computer Crime and Network Security are my subject speciality.
>>
>>
>>Cynthia Hetherington, MLS
>>Senior Technology Librarian
>>Englewood, NJ
>>201-568-2215 x230
>>
>>At 06:29 AM 1/26/2000 -0800, John West wrote:
>>  >Our college's computing department is concerned that someone on campus has
>>  >been using packet sniffing software to determine other people's passwords.
>>  >This may not have been done maliciously, but just because it can be done.
>>  >However, we have a network policy that is explicit about doing such things.
>>  >Unfortunately, like driving through traffic lights and stop signs, unless
>>  >there is someone in the way or a police officer sees the offense, there is
>>  >little that we are able to do to detect this.
>>  >
>>  >Have any of you had to deal with this problem and if so, how have you done
>>  >so?  Is there a hardware/software solution to making this activity harder
>>  >to do?  Is there any way to find out if someone is doing this on the network
>>  >and can the offender be pinpointed in some way?
>>  >
>>  >I am sending this to several lists, so I apologize for any duplication.
>>  >Please email me directly, jwest at austinc.edu.
>>  >
>>  >Thanks,
>>  >
>>  >
>>  >
>>  >John R. West             "always the beautiful
>>  >Assoc. College Librarian/ answer who asks a
>>  >Systems Administrator     more beautiful
>>  >Abell Library Center      question..."
>>  >Austin College              Edward Estlin Cummings
>>  >900 N. Grand Avenue       "If they can get you to
>>  >Sherman, TX  75090-4440   ask the wrong questions
>>  >phone: 903-813-2536       then they don't need to
>>  >fax: 903-813-2297         worry about the answers."
>>  >e-mail:jwest at austinc.edu     Thomas Pynchon
>>  >
>>  >
>>  >
>>  >
>
>Eric Hellman
>Openly Informatics, Inc.
>http://www.openly.com/           21st Century Information Infrastructure
>LinkBaton: Your Shortcuts to Information  http://linkbaton.com/
>
>
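
Added example, not part of the original thread: the APOP advice quoted above rests on the client sending an MD5 digest of the server's per-connection timestamp plus the shared secret, rather than the password itself. This Python sketch compares what a passive capture holds for USER/PASS and for APOP; the helper names are hypothetical, and the timestamp, user and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac

def apop_digest(banner_timestamp: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 of the banner timestamp followed by the shared secret."""
    return hashlib.md5((banner_timestamp + secret).encode("ascii")).hexdigest()

def plaintext_login(user: str, secret: str) -> list:
    """Client lines visible on the wire for a USER/PASS login."""
    return [f"C: USER {user}", f"C: PASS {secret}"]

def apop_login(banner_timestamp: str, user: str, secret: str) -> list:
    """Server banner and client line visible on the wire for an APOP login."""
    return [
        f"S: +OK POP3 server ready {banner_timestamp}",
        f"C: APOP {user} {apop_digest(banner_timestamp, secret)}",
    ]

def server_accepts(banner_timestamp: str, secret: str, client_line: str) -> bool:
    """Server side: recompute the digest from the timestamp it issued for this connection."""
    offered = client_line.rsplit(" ", 1)[-1]
    return hmac.compare_digest(offered, apop_digest(banner_timestamp, secret))

def secret_on_wire(capture: list, secret: str) -> bool:
    """True if the shared secret appears verbatim in any captured line."""
    return any(secret in line for line in capture)

# Sample values from the RFC 1939 APOP example (not from the thread).
TS = "<1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

if __name__ == "__main__":
    for label, capture in (("USER/PASS", plaintext_login(USER, SECRET)),
                           ("APOP", apop_login(TS, USER, SECRET))):
        print(label, "-> secret visible to a sniffer:", secret_on_wire(capture, SECRET))
    captured = apop_login(TS, USER, SECRET)[1]
    # A captured APOP line is bound to one banner timestamp; a new connection
    # gets a new timestamp (constructed here), so the old line is rejected.
    print("same connection:", server_accepts(TS, SECRET, captured))
    print("later connection:", server_accepts("<1897.697170999@dbc.mtview.ca.us>", SECRET, captured))
```

APOP covers only the login exchange and depends on MD5; the mail itself still crosses the network unencrypted, which is why POP3 is now normally run inside TLS.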

