From owner-freebsd-questions Wed Jan 17 21:49:41 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id VAA16619
          for questions-outgoing; Wed, 17 Jan 1996 21:49:41 -0800 (PST)
Received: from terra.aros.net (terra.aros.net [205.164.111.10])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA16611
          for ; Wed, 17 Jan 1996 21:49:39 -0800 (PST)
Received: (from angio@localhost)
          by terra.aros.net (8.6.12/8.6.12) id WAA00030;
          Wed, 17 Jan 1996 22:49:31 -0700
From: Dave Andersen
Message-Id: <199601180549.WAA00030@terra.aros.net>
Subject: Re: ethernet packet sniffer.
To: ANDRSN@HOOVER.STANFORD.EDU (Annelise Anderson)
Date: Wed, 17 Jan 1996 22:49:31 -0700 (MST)
Cc: questions@freebsd.org
In-Reply-To: <01I04NDA9KTU00BJ0X@HOOVER.STANFORD.EDU> from "Annelise Anderson" at Jan 17, 96 07:55:39 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-questions@freebsd.org
Precedence: bulk

Lo and behold, Annelise Anderson once said:
>
> (Someone else said this next statement)
> >It's worse than that.  Anyone w/ an ethernet connection on your net
> >can read everything going in or out, not just sysadmins or those with
> >root privileges on your machine.  If you're really worried about
> >security, there's encrypted rlogin and pgp encryption for mail.
>
> Anyone with an ethernet connection on "my net" can read everything
> (or log it and read it later, search for key words, send it to
> someone else, etc....)
>
> Question:  what's "my net"?  How do I find out?  Is there anything
> like, say, a radar detector that determines if anyone else is doing
> this on "my net"?

   Your net is any area to which all of your ethernet packets propagate
(this typically means all of the computers attached to the same ethernet
as the computer in question).  Generally, packets will be sent
indiscriminately through most ethernet hubs unless they're specifically
switched ethernet hubs, some bridges, etc.  Anything beyond your router
is (generally) not part of "your net".

   The gist of it is that in many ways, the security of your network
depends in great part on the security of your weakest host -- if someone
can gain access to any host on your network, they can monitor the traffic
to/from all of the hosts on your local network.

   I'm not familiar with anything that would let you detect packet
monitoring, because it's a passive thing; just make sure nobody has
unauthorized root access to any of the machines on your network (programs
such as tripwire, a good backup schedule, etc).

> Annelise

   -Dave Andersen

--
angio@aros.net
Complete virtual hosting and business-oriented system administration
Internet services.  (WWW, FTP, email)
http://www.aros.net/        http://www.aros.net/about/virtual/
"There are only two industries that refer to their customers as 'users'."
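
Added example, not part of the original message: capture on the wire is passive, but on hosts you administer the interface flags show whether a NIC has been placed in promiscuous mode. This sketch parses BSD-style `ifconfig -a` output, where `flags=` is hexadecimal; the sample output, interface names and addresses are constructed, and `promiscuous_interfaces` is a hypothetical helper name.

```python
import re

# Constructed sample of BSD-style `ifconfig -a` output (not from a real host).
SAMPLE_IFCONFIG = """\
ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tether 00:00:5e:00:53:01
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.0.2.11 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
"""

IFF_PROMISC = 0x100  # promiscuous-mode bit in the interface flags (net/if.h)

# Interface header lines start in column 0; address lines are indented.
HEADER = re.compile(
    r"^(?P<name>[^\s:]+):\s+flags=(?P<hex>[0-9a-fA-F]+)<(?P<names>[^>]*)>"
)


def promiscuous_interfaces(ifconfig_output):
    """Return the names of interfaces whose flags show promiscuous mode."""
    found = []
    for line in ifconfig_output.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip inet/ether continuation lines
        bits = int(m.group("hex"), 16)  # assumption: BSD prints flags in hex
        names = m.group("names").split(",")
        # Check both the numeric bit and the symbolic name.
        if bits & IFF_PROMISC or "PROMISC" in names:
            found.append(m.group("name"))
    return found


if __name__ == "__main__":
    for name in promiscuous_interfaces(SAMPLE_IFCONFIG):
        print("promiscuous mode set on", name)
```

Legitimate tools such as tcpdump also set this flag while they run, and someone with root on the host can replace `ifconfig` itself, so this check complements the file-integrity monitoring the message recommends.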