
Thread: Securing network against sniffing

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    56

    Default Securing network against sniffing

    Hello people.
    I am working in an organisation which has one fairly large network with 6 VLANs, WiFi, layer 2&3 switches, multiple servers etc. There is one server running Squid proxy.
    Now the thing is that this network is really insecure from inside. Anybody running ettercap or any other good sniffer can capture almost every username and password. I let ettercap run for 30 minutes in one subnet and it captured nearly 20 passwords, all in plain text.
    Is there anything that I can do to make the network secure against this? Or even a single computer?

    The only password that wasn't caught in plain text was Yahoo. It showed a hash and its salt. Can anybody post some information on why that is so?
    Is it possible to capture passwords from other subnets using ettercap? I tried doing so by scanning all live hosts (whole network) and making a list which was loaded into ettercap. But unlike local hosts that are picked up by default, the Host List shows no MAC addresses. I guess ARP spoofing wouldn't work.
    I can put my PC in the same subnet as the proxy server, but even then it didn't work.
    I am not arrogant, just better than you.

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by snake eyes View Post
    Hello people.
    I am working in an organisation which has one fairly large network with 6 VLANs, WiFi, layer 2&3 switches, multiple servers etc. There is one server running Squid proxy.
    Now the thing is that this network is really insecure from inside. Anybody running ettercap or any other good sniffer can capture almost every username and password. I let ettercap run for 30 minutes in one subnet and it captured nearly 20 passwords, all in plain text.
    Is there anything that I can do to make the network secure against this? Or even a single computer?
    SSL / TLS implementation???
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Is there anything that I can do to make the network secure against this?
    Either physically secure the cables from tampering, or encrypt the data being sent along them. Either that or voodoo.

    Is it possible to capture passwords from other subnets using ettercap?
    Depends what you mean by "other subnets". If the other subnet is on a separate broadcast domain (i.e. on a separate LAN), then that means you have to go through a router to access the other subnet. You won't be able to see anything behind a router unless it's actually being sent into your LAN via a particular port on the router.

    It's possible, though, to have two subnets on the one broadcast domain (i.e. without a router in between). For instance, get a four-port hub and four PCs (let's call them A, B, C, D).

    A = 192.168.1.5/24
    B = 192.168.1.6/24
    C = 10.10.10.1/24
    D = 10.10.10.2/24

    A and B are on the same subnet. C and D are on the same subnet. Although there are two different subnets, they're both on the same wire, they share the same Ethernet broadcast domain. Computer A will be able to see the frames that are exchanged between C and D. Also, if A wants to send a packet to C, it doesn't necessarily have to go through a router, it can just add a route to its routing table which says that network 10.10.10.0/24 is on the wire (I actually tried this out before).

    So if the other subnet is behind a router, you won't be able to sniff (imagine what it would do to the internet if you could). If you're on the same Ethernet broadcast domain, then there's hope.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    56

    Default

    Naah.. not on same subnet. A layer 3 switch separates every VLAN. I was just wondering if it was possible to spoof MAC/IP of proxy server as my PC is on same subnet. I tried that but didn't work out well.
    Securing cables isn't an issue as subnets are connected by underground optical fibres. Most users are on WiFi anyway and WEP key is more or less secure.

    Wyze
    I'm using SSL on Mozilla but it's problematic. Not every site supports SSL, including the intranet, and even my gmail passwords are getting captured :-s
    I am not arrogant, just better than you.

  5. #5
    Member
    Join Date
    Sep 2008
    Posts
    306

    Default

    Quote Originally Posted by snake eyes View Post
    Most users are on WiFi anyway and WEP key is more or less secure.
    Are you serious?
    Congratulations to your organisation..
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by snake eyes View Post
    Naah.. not on same subnet. A layer 3 switch separates every VLAN. I was just wondering if it was possible to spoof MAC/IP of proxy server as my PC is on same subnet. I tried that but didn't work out well.
    Securing cables isn't an issue as subnets are connected by underground optical fibres. Most users are on WiFi anyway and WEP key is more or less secure.

    Wyze
    I'm using SSL on Mozilla but it's problematic. Not every site supports SSL, including the intranet, and even my gmail passwords are getting captured :-s
    About as secure as a screen door.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    56

    Default

    Quote Originally Posted by Barry View Post
    About as secure as a screen door.

    Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
    I am not arrogant, just better than you.

  8. #8
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by snake eyes View Post

    Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
    Static ARP tables would be a good start.
    dd if=/dev/swc666 of=/dev/wyze

  9. #9
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by snake eyes View Post

    Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
    They can sniff over the wireless just as easily as the wire. Easier actually.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by snake eyes View Post

    Give me some slack folks. All I meant was that my issue is more related to sniffing rather than somebody using WiFi without my authorization. Threat is from internal users not external.
    If your concern is about internal users using unauthorized software, i.e. sniffers, then employ a PC auditing package. Have an IT policy that states that only software that is purchased and installed by IT may be used on company PCs. When your auditing software turns up such stuff, bust their ass.

    If someone is using a personal PC on the corporate LAN, and I don't know many companies that allow such things, then you have another issue. In that case, you could whitelist MAC addresses that are allowed on the LAN, and when a MAC address shows up that isn't allowed you could receive an alert telling you where the device is located and from there, appropriate action could be taken.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
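
An added example, not part of any post in this thread: one way to check for the conditions that posts #8 and #10 suggest guarding against (pinned ARP entries and a MAC whitelist), run over a constructed `ip neigh show` snapshot. The addresses, the `PINNED` and `ALLOWED_MACS` tables and the alert names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not taken from the thread).
SAMPLE_NEIGH = """\
10.0.5.1 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE
10.0.5.10 dev eth0 lladdr 00:16:3e:aa:00:10 STALE
10.0.5.20 dev eth0 lladdr 00:16:3e:aa:00:66 REACHABLE
10.0.5.30 dev eth0 lladdr 00:16:3e:aa:00:66 REACHABLE
10.0.5.40 dev eth0  FAILED
"""

# Assumed site policy: IP -> MAC pairs that a static ARP entry would pin.
PINNED = {"10.0.5.1": "00:16:3e:aa:00:01", "10.0.5.20": "00:16:3e:aa:00:20"}
# Assumed inventory of MAC addresses allowed on this LAN.
ALLOWED_MACS = {"00:16:3e:aa:00:01", "00:16:3e:aa:00:10", "00:16:3e:aa:00:20"}

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return (ip, iface, mac) for every entry that has a resolved MAC."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            entries.append((m.group(1), m.group(2), m.group(3).lower()))
    return entries

def audit(entries, pinned, allowed):
    """Return sorted alert tuples (kind, subject, detail)."""
    alerts = []
    ips_by_mac = defaultdict(set)
    for ip, _iface, mac in entries:
        ips_by_mac[mac].add(ip)
        if ip in pinned and pinned[ip] != mac:
            # The pinned host now answers from a different MAC.
            alerts.append(("PINNED_MISMATCH", ip, mac))
        if mac not in allowed:
            alerts.append(("UNKNOWN_MAC", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:  # one station answering for several IPs
            alerts.append(("MAC_MULTIPLE_IPS", mac, ",".join(sorted(ips))))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in audit(parse_neigh(SAMPLE_NEIGH), PINNED, ALLOWED_MACS):
        print(*alert)
```

A MAC that legitimately serves several IPs (a router or a multi-homed server) will trigger `MAC_MULTIPLE_IPS`, so such hosts need an exception list in practice.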
