Date: Fri, 04 Jan 1980 15:41:07 +0100
From: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
To: DRHAGER@de.ibm.com, freebsd-net@FreeBSD.ORG
Subject: Re: sniffing networks
Message-ID: <12D36903.B60F67F6@fbwi.fh-wilhelmshaven.de>
References: <C1256859.002914F4.00@d12mta01.de.ibm.com>
DRHAGER@de.ibm.com wrote:
>
> If you are a cracker, you try to take down the other system someway.
> Duplicate MAC-addresses (the hardware address of your device) or duplicate
> IP addresses are very hard to determine - at least in my experience.
> A big segment with PCs and a lot of curious and "skilled" users can be hell.
> If someone is root on his system, how do you stop him from reading packets?
> There is no way to tell a packet to avoid being read by tcpdump - or am I
> confused?
>
> You can scan and search cards in promiscuous mode, but this leads back to
> shooting and cutting fingers.
> Or you can buy cards which don't provide this feature - this exists for token
> ring.

Hi!

Just have the same problem in our students' home network... Peer-to-peer network, every OS present, of course no central administration... ;-( 150 users connected...

OK: How do you perform a search for cards in promiscuous mode? (Taking some expensive analyzer progs or some simple stuff under UN*X, Linsux or NT?)

2nd: are there any possibilities to think of, that a card is set to promiscuous mode, with no TCP/IP stack behind it to handle requests the normal way, but a "special" stack written to behave like this: Packets are sniffed/come in, as the card sees every packet on the wire/segment. Some software written especially for this determines if some criteria match a defined pattern (like a range of IP or MAC numbers, from some other known machines on that network). If a packet from or for such a machine arrives, some action is taken, like dumping that segment to HDD or sending some counter-measures, like a POD attack or so...

That way you also could easily sniff out mail passwords, as they are not encrypted.

What would one need (time and programming skills) to do such a beast? I'm very curious about that, since we already had a bad sniffer attack from inside, where some mail passwords were hacked.

And as our university, which we are connected to with the entire students' living block, does not care about that security, we have to figure out security alone...

Regards
Olaf Hoyer
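Olaf's first question, how to search for cards in promiscuous mode, has a straightforward local answer on Linux hosts: the kernel exposes each interface's flag word, and IFF_PROMISC (0x100) stays set for as long as a sniffer holds the card open. The script below is an added example, not code from this thread; it checks constructed flag values of the kind found in /sys/class/net/<iface>/flags and, when run on a real Linux host, reads those files instead.

```python
import glob
import os

IFF_UP = 0x1
IFF_PROMISC = 0x100  # card passes every frame on the segment up to the host


def is_promiscuous(flags_value: str) -> bool:
    """Parse the hex flag word from /sys/class/net/<iface>/flags."""
    return bool(int(flags_value.strip(), 16) & IFF_PROMISC)


def promiscuous_interfaces(flag_table: dict) -> list:
    """Return the names of interfaces whose flag word has IFF_PROMISC set."""
    return sorted(name for name, val in flag_table.items() if is_promiscuous(val))


def read_host_flags() -> dict:
    """Collect the flag word of every interface on this Linux host (empty elsewhere)."""
    table = {}
    for path in glob.glob("/sys/class/net/*/flags"):
        try:
            with open(path) as fh:
                table[os.path.basename(os.path.dirname(path))] = fh.read()
        except OSError:
            pass  # interface vanished or is unreadable; skip it
    return table


# Constructed sample: eth0 is up with a sniffer attached (PROMISC set),
# eth1 is up and normal, lo is the loopback.
SAMPLE_FLAGS = {
    "eth0": "0x1103\n",  # UP|BROADCAST|PROMISC|MULTICAST
    "eth1": "0x1003\n",  # UP|BROADCAST|MULTICAST
    "lo": "0x9\n",       # UP|LOOPBACK
}

if __name__ == "__main__":
    table = read_host_flags() or SAMPLE_FLAGS
    for iface in promiscuous_interfaces(table):
        print(f"{iface}: promiscuous mode set")
```

This only sees the host it runs on, which is exactly the limit the quoted message describes: a user who is root on his own machine can sniff without you ever seeing the flag, so on a shared peer-to-peer segment the durable fix is to stop sending mail passwords in clear.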