[WEB4LIB] Re: packet sniffing by the unauthorized

Eric Hellman eric at openly.com
Wed Jan 26 11:45:11 EST 2000


I think Cynthia is confusing sniffing for snooping and trolling.

Packet sniffing is undetectable unless you have access to the machine 
doing the sniffing. This is why you should never send critical 
passwords in the clear. For example, mail servers should always be 
set to "require APOP authentication".

There are many good reasons people might have for packet sniffing. 
Debugging networks requires it; defense against hackers is another. 
All firewalls do packet sniffing.

Eric


At 7:29 AM -0800 1/26/00, HIS wrote:
>Hello.
>
>Depending on which side of the firewall your person is scanning from will
>result in how you go about finding out who is penetrating your network.
>
>You need to determine who the offender is by examining their incoming IP
>address.  Check out several of the Intrusion Detection software packages to
>find out who and what.  Back Officer Friendly is cheap and extremely
>useful. http://www.nfr.net/products/bof/  There is also BlackIce by Network
>Ice.  Also cheap and winning awards for its prolific design and
>usefulness.  http://www.netice.com/Products/DEFAULT.HTM
>
>It's up to you what you do with the student once you catch them.  I'm for
>public dunking.  You should take this very seriously, and not stall on
>action.  The damage that can be done by this individual can be catastrophic
>if they get enough passwords, or the right passwords (administrators,
>network administrators, etc.)
>
>I hope that helps, if I can be of further assistance feel free to contact
>me directly.  I have some experience in these matters, and with this
>software.  Computer Crime and Network Security are my subject specialty.
>
>
>Cynthia Hetherington, MLS
>Senior Technology Librarian
>Englewood, NJ
>201-568-2215 x230
>
>At 06:29 AM 1/26/2000 -0800, John West wrote:
>  >Our college's computing department is concerned that someone on campus has
>  >been using packet sniffing software to determine other people's passwords.
>  >This may not have been done maliciously, but just because it can be done.
>  >However, we have a network policy that is explicit about doing such things.
>  > Unfortunately, like driving through traffic lights and stop signs, unless
>  >there is someone in the way or a police officer sees the offense, there is
>  >little that we are able to do to detect this.
>  >
>  >Have any of you had to deal with this problem and if so, how have you done
>  >so?  Is there a hardware/software solution to making this activity harder
>  >to do?  Is there any way to find out if someone is doing this on the network
>  >and can the offender be pinpointed in some way?
>  >
>  >I am sending this to several lists, so I apologize for any duplication.
>  >Please email me directly, jwest at austinc.edu.
>  >
>  >Thanks,
>  >
>  >
>  >
>  >John R. West             "always the beautiful
>  >Assoc. College Librarian/ answer who asks a
>  >Systems Administrator     more beautiful
>  >Abell Library Center      question..."
>  >Austin College              Edward Estlin Cummings
>  >900 N. Grand Avenue       "If they can get you to
>  >Sherman, TX  75090-4440   ask the wrong questions
>  >phone: 903-813-2536       then they don't need to
>  >fax: 903-813-2297         worry about the answers."
>  >e-mail:jwest at austinc.edu     Thomas Pynchon
>  >
>  >
>  >
>  >

Eric Hellman
Openly Informatics, Inc.
http://www.openly.com/           21st Century Information Infrastructure
LinkBaton: Your Shortcuts to Information  http://linkbaton.com/
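
An added example, not part of the messages above: what crosses the wire in a POP3 login with plain USER/PASS compared with the APOP command (RFC 1939) mentioned in the reply, and how the server checks it. The function names are illustrative assumptions; the banner, user and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac
import re

# Sample values from the RFC 1939 APOP example (not from this thread).
BANNER = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

def banner_timestamp(banner):
    """Pull the <...@...> timestamp a server sends when it offers APOP."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", banner)
    if m is None:
        raise ValueError("server banner carries no APOP timestamp")
    return m.group(0)

def apop_digest(timestamp, secret):
    """RFC 1939: MD5 over the timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_lines(banner, user, secret, use_apop):
    """Lines the client sends to authenticate, i.e. what a sniffer records."""
    if use_apop:
        return [f"APOP {user} {apop_digest(banner_timestamp(banner), secret)}"]
    return [f"USER {user}", f"PASS {secret}"]

def secret_on_wire(lines, secret):
    """True if the shared secret appears verbatim in the captured lines."""
    return any(secret in line for line in lines)

def server_verify(banner, line, secrets):
    """Server-side check of one APOP command against its stored secrets."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    _, user, digest = parts
    if user not in secrets:
        return False
    expected = apop_digest(banner_timestamp(banner), secrets[user])
    return hmac.compare_digest(expected, digest.lower())

if __name__ == "__main__":
    for use_apop in (False, True):
        lines = client_lines(BANNER, USER, SECRET, use_apop)
        print("APOP " if use_apop else "PLAIN", lines,
              "secret visible:", secret_on_wire(lines, SECRET))
    # A captured APOP line is useless against a later session's banner.
    captured = client_lines(BANNER, USER, SECRET, True)[0]
    later = "+OK POP3 server ready <1897.697171000@dbc.mtview.ca.us>"
    print("replay accepted:", server_verify(later, captured, {USER: SECRET}))
```

APOP keeps the shared secret away from a passive listener, but the messages retrieved afterwards still cross the network unencrypted.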