[WEB4LIB] packet sniffing by the unauthorized
Bob Rasmussen
ras at anzio.com
Wed Jan 26 13:20:29 EST 2000

Packet sniffing is totally passive, as has been pointed out, so it cannot be
detected. It is tricky to set up, but doable, especially on a Linux system. It
can see, capture, and analyze packets on the particular subnet, sort of
"anybody who's on your party line" on one side of a router. Consequently, it
is especially a threat in a college environment, where an entire dorm may be
on one side of a router. It is generally set up to sniff one protocol at a
time.

The best defense against sniffing is some sort of encryption. The options
available vary by protocol. For instance, there are several options available
on web browsers, hence the distinction between "secure" and "non-secure" web
pages. You should always use a secure page if you're transmitting a credit
card number (although there are other threats out there).

One of the biggest threats is telnet traffic, in which the password is
generally sent in cleartext. Various schemes are available, including
Kerberos, SSH, and SRP. These address authentication (how can I prove who I am
without sending a cleartext password?) and encryption (which applies to the
traffic in general).

As a vendor of telnet programs for Windows, we are working on supporting these
protocols.

--
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras at anzio.com
company e-mail: rsi at anzio.com or sales at anzio.com or support at anzio.com
ftp://ftp.anzio.com voice: 503-624-0360
http://www.anzio.com fax: 503-624-0760
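
Added example, not part of the original message or of any Anzio product: a check an administrator could run over a reassembled port-23 session to confirm that a telnet login crossed the subnet in cleartext. It strips Telnet option negotiation (RFC 854) and reports only the length of what was typed after the "Password:" prompt; the function names and the session bytes are constructed for illustration.

```python
# Added example; the session bytes in SAMPLE are constructed, not a real capture.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254

def strip_telnet_options(data: bytes) -> bytes:
    """Drop Telnet option negotiation (RFC 854) and return the data bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                              # truncated command at end of buffer
        elif data[i + 1] == IAC:
            out.append(IAC)                    # IAC IAC is an escaped 0xFF data byte
            i += 2
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                             # IAC <verb> <option>
        elif data[i + 1] == SB:
            i += 2
            while i < len(data) and data[i:i + 2] != bytes([IAC, SE]):
                i += 2 if data[i] == IAC else 1
            i += 2                             # skip the closing IAC SE
        else:
            i += 2                             # other two-byte command
    return bytes(out)

def cleartext_password_lengths(segments):
    """segments: (direction, payload) in capture order; 'S' = from server, 'C' = from client.
    Returns the length of each password typed after a cleartext 'Password:' prompt."""
    lengths, typed, awaiting = [], bytearray(), False
    for direction, payload in segments:
        text = strip_telnet_options(payload)
        if direction == "S" and b"password:" in text.lower():
            awaiting, typed = True, bytearray()
        elif direction == "C" and awaiting:
            typed += text                      # character-mode clients send a few bytes per packet
            if b"\r" in typed or b"\n" in typed:
                lengths.append(len(typed.replace(b"\n", b"\r").split(b"\r")[0]))
                awaiting = False
    return lengths

SAMPLE = [
    ("S", bytes([IAC, DO, 24, IAC, WILL, 1])), ("C", bytes([IAC, WILL, 24, IAC, DO, 1])),
    ("S", b"login: "), ("C", b"demo\r\n"),
    ("S", b"Password: "), ("C", b"ex"), ("C", b"ample\r\n"),
]

if __name__ == "__main__":
    print(cleartext_password_lengths(SAMPLE))
```

A non-empty result means the credential was readable by anyone on the same segment, which is the case for moving that host to one of the schemes named above (Kerberos, SSH, SRP).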