Date: Tue, 4 Jan 2000 09:16:45 +0100
From: DRHAGER@de.ibm.com
To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: sniffing networks
Message-ID: <C125685C.002D7B4D.00@d12mta01.de.ibm.com>

Hi!

Just have the same problem in our students-home network...
Peer-to-peer network, every OS present, of course no central administration... ;-(

#Would not help anyway...

150 users connected...

OK: How do you perform a search for cards in promiscuous mode? (Taking some expensive analyzer progs or some simple stuff under UN*X, Linsux or NT?)

#There are a lot of possibilities. Check www.l0pht.com/antisniff/ for example.

2nd: are there any possibilities to think of, that a card is set to promiscuous mode, with no TCP-IP stack behind it to handle requests the normal way, but a "special" stack written to behave like this:

#Why bother for a special stack? To avoid being detected?
#Nonetheless this can be done.

Packets are sniffed/come in, as the card sees every packet on the wire/segment. Some software written especially for this determines if some criteria match a defined pattern (like a range of IP or MAC numbers, from some other known machines on that network)

#This is tcpdump, for example. But there are more.
#You can get Linux on three floppy disks, boot a machine in the university's CIP pool
#and start your adventure in the internet..

If a packet from/or for such a machine arrives, some action is taken, like dumping that segment to HDD or sending some counter-measures, like a POD attack or so...

#What is a POD attack?

That way you also could easily sniff out mail passwords, as they are not encrypted.

What would one need (time and programming skills) to do such a beast?

#You need some time searching the net. Try www.rootshell.com. Try yahoo and
#search for hacking etc.
#If you are eager to invent the wheel you will need a good grasp of networking,
#(for example from the Stevens' books) and a good working knowledge of C.
#(I have always been living in a VMS/Unix world, I can't say anything about NT..)
#It's interesting leisure-time programming, a fairly skilled person can do this
#in days or weeks.

I'm very curious about that, since we already had a bad sniffer attack from inside, where some mail passwords were hacked. And as our university, where we are connected to with the entire students living block, does not care about that security, we have to figure out about security alone...

#You should think about a firewall.
#You should think about secure shell (SSH) for getting mail.
#You should explain this very well to the students, make them understand
#that they live on an insecure segment. Nobody wants everybody to read his mails.
#I am out of this business, but out of personal ambitions I would try to set up
#an IPv6 network. 1) it's fun. 2) you can use encrypted packets. 3) you are a step
#ahead of your students. 4) your students will develop IPv6 skills.
#;-)

Regards
Olaf Hoyer