Thanks for the replies.Originally Posted by streaker69
The laptops and PCs number in 1000s. We have a Squid proxy, DHCP and Symantec antivirus . With such a high no. of users its almost impossible to go through log files that amount to a GB just in few weeks. Blocking MAC address is an option but with new laptops being brought in almost every month it becomes difficult.
Also if intruder keeps on changing his MAC, this isn't of much use.
Can you guys suggest any software (except Snort) that can do this kind of work?
Apart from that, is there really any way to stop the passwords from being transmitted in plain text? Preferably at the user end. Even if some solution stops this in a small but critical subnet, my work will be done.
[FONT="System"][COLOR="DarkSlateBlue"][B]I am not arrogant, just better than you.[/B][/COLOR][/FONT]
We have a client that runs two networks.
First is corporate, no un-auth PCs, and a restricted proxy. Tie this down with enforced transparent proxy and domain/username LDAP authentication? (so only machines joined to domain can authenticate)
Second is a wireless one, WEP, no proxy, just straight out, this is for personal computers, used for lunch hour and bit of personal stuff etc.
Give them the choice, a second network with less restrictions, and they may choose to leave the corporate lan?
wtf?
If you're using the latest version of Symantec EndPoint Protection, then you can configure it to whitelist known applications.
If you're using a Windows Domain, then you can GPO what the users can and cannot do on their machines, right down to limiting applications that can be installed. If they can't install anything then there is no sniffing.
If you're a company of that size, I would expect that you'd have a fairly strict Computer Usage Policy approved by HR. If you find someone violating that policy they should be reported and appropriate action should be taken. Normally it only takes a couple of people to be made an example of regarding those policies and the rest just fall in line.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
The answer is no.
Tell you wht, I checked this thing on my home internet connction and same thing happens there too. I let etttercap run for 3-4 hours and I had a list of nearly 30 passwords. Email, 1 shopping site, 1 railway ticket booking site, 2 matrimony and adult friendship sites among others
I cant force my stupid ISP to change the security system.
Connection in my house comes via a cat5 cable connected to some kind . There is mac address binding, so that a particular IP is bound to a single mac address only
This is really scary. I change my passowrds every 2-3 months. But even that precaution is useless now.Code:nmap -v -sV 10.130.193.1 (--------> Gateway) Starting Nmap 4.50 ( http://insecure.org ) at 2008-11-22 13:21 GMT Initiating ARP Ping Scan at 13:21 Scanning 10.130.193.1 [1 port] Completed ARP Ping Scan at 13:21, 0.01s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 13:21 Completed Parallel DNS resolution of 1 host. at 13:21, 2.62s elapsed Initiating SYN Stealth Scan at 13:21 Scanning 10.130.193.1 [1711 ports] Completed SYN Stealth Scan at 13:21, 8.39s elapsed (1711 total ports) Initiating Service scan at 13:21 SCRIPT ENGINE: Initiating script scanning. Host 10.130.193.1 appears to be up ... good. Interesting ports on 10.130.193.1: Not shown: 1710 filtered ports PORT STATE SERVICE VERSION 113/tcp closed auth MAC Address: 00:09:0F:30:B7:0C (Fortinet) Read data files from: /usr/local/share/nmap Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.314 seconds Raw packets sent: 3423 (150.610KB) | Rcvd: 3 (134B)
[FONT="System"][COLOR="DarkSlateBlue"][B]I am not arrogant, just better than you.[/B][/COLOR][/FONT]
Or, you could use some old school software, (netcat) and put a backdoor on their computer, Go in later and put a keg logger; then you can see EVERYONE who they are stealing from. Just make sure you have permission from the network admin, if that isn't you.Any unauthorized computer on a network should be fair game, especially since such actions can be considered surveillance.
Originally Posted by pureh@te
You may think its stupid but when you are posting online sometimes spelling, grammar and thought put into the content of your posts is the only thing people have to measure you by and to determine the level of seriousness they should give you. So with that in mind I'd say "Yes" its pretty important.
I'm sure that works if your network is in a frat house.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
lol, terminal86 is right... There is no such thing as a secure wireless encryption.. Some just take longer than others...Are you serious?
Congratulations to your organisation..
Originally Posted by pureh@te
You may think its stupid but when you are posting online sometimes spelling, grammar and thought put into the content of your posts is the only thing people have to measure you by and to determine the level of seriousness they should give you. So with that in mind I'd say "Yes" its pretty important.
lol, As I have said before I'm still an amateur at this. So I appreciate constructive (or humorous) criticism.I'm sure that works if your network is in a frat house.
Originally Posted by pureh@te
You may think its stupid but when you are posting online sometimes spelling, grammar and thought put into the content of your posts is the only thing people have to measure you by and to determine the level of seriousness they should give you. So with that in mind I'd say "Yes" its pretty important.
Someone might be familiar with this....
I was at a hotel once and I was connected to the wifi with my laptop. I tried to assign myself a static IP address and i got an error due to an IP conflict. I ran a program that scanned the subnet and for some reason, all of the IP addresses were taken by the same device. I am assuming it was the same device because all of the IPs had the same MAC address. The only IPs that did not have the same MAC were the ones that had been assigned to devices via DHCP.
I don't know what it was that the hotel was using to do that, but it definitely improved their security. Assuming that trying to run ettercap would stop all traffic and not allow for any MITM attacks.
Posting Permissions
