Petri IT Knowledgebase Forums
 

how to catch/block a sniffer on my network!!?


this thread has 8 replies and has been viewed 2580 times

#1 silent, 27th July 2008, 01:35

hi all! users on my network usually use yahoo to communicate one with the other, lately it came to my attention that some of those users are using sniffers to detect passwords on our lan and yahoo conversations and such private info. is there a way to block such sniffers?! our topology has a low security level there's our private network- cisco 2811 router- internet. any help would be appreciated..
#2 Nonapeptide, 27th July 2008, 02:51

Quote:
Originally Posted by silent View Post
lately it came to my attention that some of those users are using sniffers to detect passwords on our lan and yahoo conversations and such private info.
How exactly did this come to your attention? Do you know who is doing this? If so, document your suspicions and bring this to the company's leadership immediately!

Quote:
Originally Posted by silent View Post
is there a way to block such sniffers?!
A sniffer is passive, so there really isn't much you can do unless you have a software management system in place that can detect what applications are on a user's computer. If you use Active Directory, you could put software restriction policies in place. To detect if and where these applications are installed, I think you can use the Application Compatibility Toolkit that Microsoft provides to do a network based scan of client machines for software titles. Even though the utility is intended to be used to see if a Windows based computer is ready to be upgraded to Vista, you can still use it for other purposes. If you find any sniffers installed, bring it to the management and let them take care of the employee.

Quote:
Originally Posted by silent View Post
our topology has a low security level there's our private network- cisco 2811 router- internet. any help would be appreciated..
A sniffer will only work to capture someone else's data in the following scenarios:
  • The network is using hubs rather than switches
  • The network utilizes wireless in some form
  • A user has gained control over a switch or router and has mirrored ports to the port that their own computer resides on.
  • A sniffer has been installed on the victim's computer and is logging data that will later be retrieved by the attacker.

Which of these scenarios do you think you are dealing with? It would help if you could describe how you realized that this was going on.

Keep us posted!
__________________
Wesley David
LinkedIn | Careers 2.0
-------------------------------
Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
Vendor Neutral Certifications: CWNA
Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: Nonapeptide@gmail.com || Skype: Wesley.Nonapeptide
Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/
#3 Lior_S, 27th July 2008, 07:22

Quote:
Originally Posted by Nonapeptide View Post
A sniffer will only work to capture someone else's data in the following scenarios:
  • The network is using hubs rather than switches
  • The network utilizes wireless in some form
  • A user has gained control over a switch or router and has mirrored ports to the port that their own computer resides on.
  • A sniffer has been installed on the victim's computer and is logging data that will later be retrieved by the attacker.
Not quite, any old network can be sniffed by just plugging in to any port. See here for a longish but excellent read.
__________________
"...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan
#4 Dumber, 27th July 2008, 18:59

As an addition you can use IPsec to encrypt the data.
__________________
Marcel
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
No matter how secure, there is always the human factor.
#5 DYasny, 27th July 2008, 19:52

Quote:
Originally Posted by Lior_S View Post
Not quite, any old network can be sniffed by just plugging in to any port. See here for a longish but excellent read.
he did mention hubs

Last edited by DYasny; 6th March 2011 at 21:17..
#6 Lior_S, 28th July 2008, 02:33

Quote:
Originally Posted by DYasny View Post
he did mention hubs
not sure what you're intending to say, but let me clarify my point to mean that regardless of hub/switch, port mirroring or not, you can be sniffed....
or did I not get the wink wink.....
#7 Nonapeptide, 28th July 2008, 15:59

Quote:
Originally Posted by Lior_S View Post
Not quite, any old network can be sniffed by just plugging in to any port. See here for a longish but excellent read.
The old ARP poisoning routine; an oldie but a goodie.

P.S. No winks were transacted during the course of this thread... not yet anyway.
#8 DYasny, 28th July 2008, 16:51

Quote:
Originally Posted by Lior_S View Post
not sure what you're intending to say, but let me clarify my point to mean that regardless of hub/switch, port mirroring or not, you can be sniffed....
or did I not get the wink wink.....
you can be sniffed on a gateway, or on a broadcast based network - i.e. a network that uses hubs instead of switches

ARP poisoning is a bit more advanced than just running a simple sniffer

Last edited by DYasny; 6th March 2011 at 21:18..
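
Added example, not part of any poster's reply: a passive sniffer leaves nothing to detect, but the ARP poisoning discussed in posts #7 and #8 shows up in ARP tables, and this Python script checks a table dump for it. The function names, the baseline gateway MAC and all sample addresses are assumptions made for illustration; the parser goes beyond the thread by also accepting Cisco-style and Unix-style MAC notation.

```python
import re
from collections import defaultdict

# IPv4, an optional column (Cisco "age"), then a MAC written as aa-bb-cc-dd-ee-ff
# (Windows), aa:bb:cc:dd:ee:ff (Unix) or aabb.ccdd.eeff (Cisco).
ENTRY = re.compile(
    r"(?i)(\d{1,3}(?:\.\d{1,3}){3})\s+(?:\S+\s+)?"
    r"((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\b")

def norm(mac):
    """Normalise any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[-:.]", "", mac).lower()

def parse_arp(text):
    """Return {ip: mac} from ARP table text, skipping group addresses."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        # Broadcast/multicast MACs (low bit of first octet set) are shared by design.
        if m and not int(norm(m.group(2))[:2], 16) & 1:
            table[m.group(1)] = norm(m.group(2))
    return table

def find_suspects(table, gateway_ip, baseline_gateway_mac):
    """Return (reason, mac, ips) tuples worth investigating."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # One unicast MAC answering for several IPs is the usual poisoning trace
    # (proxy ARP or secondary addresses look the same, so verify before acting).
    findings = [("mac-claims-multiple-ips", mac, sorted(ips))
                for mac, ips in by_mac.items() if len(ips) > 1]
    seen = table.get(gateway_ip)
    if seen and seen != norm(baseline_gateway_mac):
        findings.append(("gateway-mac-changed", seen, [gateway_ip]))
    return findings

# Constructed sample in Windows `arp -a` layout; all addresses are made up.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-11-22-33-44-55     dynamic
  192.168.1.40          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

if __name__ == "__main__":
    print(find_suspects(parse_arp(SAMPLE), "192.168.1.1", "00-11-22-33-44-99"))
```

The baseline MAC has to be recorded from the router itself while the network is known to be clean; a match on either rule is a lead to follow on the switch, not proof by itself.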
#9 wullieb1, 29th July 2008, 09:27

Quote:
Originally Posted by silent View Post
hi all! users on my network usually use yahoo to communicate one with the other, lately it came to my attention that some of those users are using sniffers to detect passwords on our lan and yahoo conversations and such private info. is there a way to block such sniffers?! our topology has a low security level there's our private network- cisco 2811 router- internet. any help would be appreciated..
Yes you find out the names of the sniffer executables and block them from running on your Windows network.

Ohh and you also block users from installing programs.

Or you write up a very good ICT policy that prohibits the use of non-company supplied software on any company machine.
All times are GMT +3.
