[WEB4LIB] WEB4LIB digest 1709
tibor at lib.uaa.alaska.edu
Wed Jan 26 13:12:10 EST 2000
On Wed, 26 Jan 2000 HIS wrote:
> Date: Wed, 26 Jan 2000 10:28:32 -0500
> From: HIS <his at virtuallibrarian.com>
> To: jwest at austinc.edu,
> Subject: Re: packet sniffing by the unauthorized
>
> Hello.
>
> Depending on which side of the firewall your person is scanning from will
> result in how you go about finding out who is penetrating your network.
>
> You need to determine who the offender is by examining their incoming IP
> address. Check out several of the Intrusion Detection software packages to
> find out who and what. Back Officer Friendly is cheap and extremely
> useful. http://www.nfr.net/products/bof/ There is also BlackIce by Network
> Ice. Also cheap and winning awards for its prolific design and
> usefulness. http://www.netice.com/Products/DEFAULT.HTM

Actually, these tools are designed for detecting remote attacks on your
network--portscans, or attacks on a specific application (really old
versions of unix sendmail had widely known buffer overflow vulnerabilities
that could be remotely exploited, and these systems also check for such
vulnerabilities).

Packet sniffing is almost always a computer physically located on your
local network segment which is listening to all the traffic. It could be
a laptop hidden in someone's office plugged into a port, or it could be a
desktop or server which has been compromised.

Packet sniffers are tough to detect because of their passive nature but
there appear to be tools available. One that popped up in a Google search
on "detecting packet sniffers" is:

http://www.l0pht.com/antisniff/

Mike
--
Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice
LAN Technician Consortium Library (907) 786-6050 fax
tibor at lib.uaa.alaska.edu http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key