Date: Tue, 19 Dec 2000 17:22:13 +0200 (IST)
From: Roman Shterenzon
To: Dmitry Galyant
Cc: Artem Koutchine
Subject: Re: What anti-sniffer measures do i have?
Sender: owner-freebsd-security@FreeBSD.ORG

I ported antisniffer to freebsd once (still have patches somewhere), and
found it to be completely unusable (it's really alpha quality).
Also, their windows version is not much better.
I think that cryptography is the key.

On Tue, 19 Dec 2000, Dmitry Galyant wrote:

> There is no software solution to your 'sniffer problem'.
> Experienced guys can down interfaces and still listen to traffic,
> can change MAC to your router's address and do not switch to
> promisc, etc...
> So, all anti-sniffs like L0pht's only can help you to be
> rooted remotely.
> Only solution is the hardware solution or crypto-solution.
>
> Regards, Dmitry.
>
> On Tue, 19 Dec 2000, Artem Koutchine wrote:
>
> > Date: Tue, 19 Dec 2000 15:57:12 +0300
> > From: Artem Koutchine
> > To: security@FreeBSD.ORG
> > Cc: questions@FreeBSD.ORG
> > Subject: What anti-sniffer measures do i have?
> >
> > Hello!
> >
> > I guess that there are issues which tend to grow bigger when you ignore
> > them in the first place.
> >
> > So, our network has gotten pretty big and too many people can see what
> > they should not see. Besides, all of the people are very technically
> > advanced and can easily use something like the new sniffer which even
> > decrypts ssh1 and ssl.
> >
> > So, I really need some ideas on how to disable sniffers on the network which
> > is a typical 10Mbit ethernet built on a bunch of hubs. It consists of
> > 1) FreeBSD workstations (many)
> > 2) Windows 95/98/ME workstations (many)
> > 3) Windows NT workstations (some)
> >
> > All of them need to intercommunicate:
> > FreeBSDs work via NFS
> > Windows (all kinds)<->FreeBSD via Samba
> > Windows9x/ME<->WindowsNT via Samba
> >
> > Also, there is local office WEB, SMTP, POP3 and an Internet gateway.
> >
> > I am interested in knowing all kinds of solutions to the sniffer problem:
> > software (preferred) or hardware. I'd like some more generic solution, which
> > does not require any changes in the existing software configuration and allows
> > the same functionality as we use now (broadcast can be screwed).
> >
> > Help!
> >
> > Regards,
> > Artem
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]