SSL / TLS implementation???Originally Posted by snake eyes
Securing network against sniffing
Hello people.
I am working in an organisation which has one fairly large network with 6 VLANs, WiFi, layer 2&3 switches, multiple servers etc. There is one server running Squid proxy.
Now the thing is that this network really insecure from inside. Anybody running ettercap or any other good sniffer can capture almost every username and password. I let ettercap running for 30 minutes in one subnet and it captured nearly 20 passwords, all in plain text.
Is there anything that I can do to make the network secure against this? Or even a single computer ?
Only password that wasn't caught in plain text was Yahoo. It showed hash and its salt. Can anybody post some information why is it so?
Is it possible to capture passwords from other subnets using ettercap? I tried doing so by scanning all live hosts (whole network) and making a list which was loaded into ettercap. But unlike local hosts that are picked up by default, the Host List shows no MAC addresses. I guess, ARP spoofing wouldn't work.
I can put my PC in same subnet as that of proxy server, but even then it didn't owrk.
[FONT="System"][COLOR="DarkSlateBlue"][B]I am not arrogant, just better than you.[/B][/COLOR][/FONT]
SSL / TLS implementation???
dd if=/dev/swc666 of=/dev/wyze
Either physically secure the cables from tampering, or encrypt the data being sent along them. Either that or voodoo.Is there anything that I can do to make the network secure against this?
Depends what you mean by "other subnets". If the other subnet is on a separate broadcast domain (i.e. on a separate LAN), then that means you have to go through a router to access the other subnet. You won't be able to see anything behind a router unless it's actually being sent into your LAN via a particular port on the router.Is it possible to capture passwords from other subnets using ettercap?
It's possible though, to have two subnets on the one broadcast domain (i.e. without a router in between). For instance, get a four-port hub and four PC's (let's call them A,B,C,D).
A = 192.168.1.5/24
B = 192.168.1.6/24
C = 10.10.10.1/24
D = 10.10.10.2/24
A and B are on the same subnet. C and D are on the same subnet. Although there are two different subnets, they're both on the same wire, they share the same Ethernet broadcast domain. Computer A will be able to see the frames that are exchanged between C and D. Also, if A wants to send a packet to C, it doesn't necessarily have to go through a router, it can just add a route to its routing table which says that network 10.10.10.0/24 is on the wire (I actually tried this out before).
So if the other subnet is behind a router, you won't be able to sniff (imagine what it would do to the internet if you could). If you're on the same Ethernet broadcast domain, then there's hope.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
Naah.. not on same subnet. A layer 3 switch separates every VLAN. I was just wondering if it was possible to spoof MAC/IP of proxy server as my PC is on same subnet. I tried that but didn't work out well.
Securing cables isn't an issue as subnets are connected by underground optical fibres.Most users are on WiFi anyway and WEP key is more or less secure.
Wyze
I'm using SSL on Mozilla but its problematic. No every sites support SSL including the intrantet and even my gmail passwords are getting captured :-s
[FONT="System"][COLOR="DarkSlateBlue"][B]I am not arrogant, just better than you.[/B][/COLOR][/FONT]
Are you serious?
Congratulations to your organisation..
Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:
* post your question to a forum where it's off topic
* post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
* cross-post to too many different newsgroups
* post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem
About as secure as a screen door.Naah.. not on same subnet. A layer 3 switch separates every VLAN. I was just wondering if it was possible to spoof MAC/IP of proxy server as my PC is on same subnet. I tried that but didn't work out well.
Securing cables isn't an issue as subnets are connected by underground optical fibres.
Wyze
I'm using SSL on Mozilla but its problematic. No every sites support SSL including the intrantet and even my gmail passwords are getting captured :-s
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
[FONT="System"][COLOR="DarkSlateBlue"][B]I am not arrogant, just better than you.[/B][/COLOR][/FONT]
Static ARP tables would be a good start.
Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
dd if=/dev/swc666 of=/dev/wyze
They can sniff over the wireless just as easily as the wire. Easier actually.
Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
If your concern is about internal users, using unauthorized software, ie sniffers, then employ a PC auditing package. Have a IT policy that states that only software that is purchased and installed by IT may be used on company PC's. When your auditing software turns up such stuff, bust their ass.
Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
If someone is using a personal PC on the corporate LAN, and I don't know many companies that allow such things, then you have another issue. In that case, you could whitelist MAC addresses that are allowed on the LAN, and when a MAC address shows up that isn't allowed you could receive an alert telling you where the device is located and from there, appropriate action could be taken.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Posting Permissions
