[WEB4LIB] WEB4LIB digest 1709

tibor at lib.uaa.alaska.edu
Wed Jan 26 12:44:43 EST 2000


On Wed, 26 Jan 2000 John West wrote:

> Date: Wed, 26 Jan 2000 08:32:05 -0600
> From: John West <jwest at austinc.edu>
> To: perl4lib at VIMS.EDU, web4lib at webjunction.org, system-admin at sirsi.com
> Subject: packet sniffing by the unauthorized
> 
> Our college's computing department is concerned that someone on campus has
> been using packet sniffing software to determine other people's passwords.
> This may not have been done maliciously, but just because it can be done.
> However, we have a network policy that is explicit about doing such things.
>  Unfortunately, like driving through traffic lights and stop signs, unless
> there is someone in the way or a police officer sees the offense, there is
> little that we are able to do to detect this.

I'm not so sure... I seem to recall a trick posted by a system
administrator to one of the Linux lists I'm on, where he wrote a Perl
script which was able to detect interfaces on his subnet which were in
promiscuous mode (a dead giveaway that that host is sniffing traffic).

You might try to do some mailing list searches.  Check out
www.mail-archive.com for *many* list archives, and also www.netspace.org
for the server-linux list archive.

> Have any of you had to deal with this problem and if so, how have you done
> so?  Is there a hardware/software solution to making this activity harder
> to do?  Is there any way to find out if someone is doing this on the network
> and can the offender be pinpointed in some way?

The simplest thing to do is replace your hubs with good switches.  Where a
hub takes packets received on one port and re-broadcasts them on all
ports, a switch will only put the traffic out to the specific port it
needs to go to.

Mike
-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
LAN Technician     Consortium Library             (907) 786-6050 fax
tibor at lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
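
The hub-versus-switch difference described in the message above, as an added example that is not part of the original post: a small model comparing which frames reach an uninvolved port on a hub and on a MAC-learning switch. The classes, port numbers and MAC addresses are constructed for illustration; the switch model assumes standard learning behaviour, where broadcasts and frames for not-yet-learned destinations are still flooded.

```python
# Added illustration: constructed model of a 4-port hub and a MAC-learning switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the one it came in on.
        return [p for p in self.ports if p != in_port]

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # learned MAC address -> port

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn which port the sender is on
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            # Broadcasts and not-yet-learned destinations are still flooded.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

def frames_seen(device, frames, observer_port):
    """Frames delivered to observer_port, i.e. what a promiscuous NIC there receives."""
    seen = []
    for in_port, src, dst in frames:
        if observer_port in device.forward(in_port, src, dst):
            seen.append((src, dst))
    return seen

# Constructed traffic: hosts A (port 1) and B (port 2) talk; port 4 is uninvolved.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [
    (1, A, BROADCAST),  # A's ARP request for B
    (2, B, A),          # B's ARP reply
    (1, A, B),          # A -> B login traffic
    (2, B, A),          # B -> A response
]

def compare(observer_port=4):
    ports = [1, 2, 3, 4]
    return (frames_seen(Hub(ports), FRAMES, observer_port),
            frames_seen(Switch(ports), FRAMES, observer_port))

if __name__ == "__main__":
    hub_view, switch_view = compare()
    print("hub:   ", len(hub_view), "of", len(FRAMES), "frames reach port 4")
    print("switch:", len(switch_view), "of", len(FRAMES), "frames reach port 4")
```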


