
Thread: Securing network against sniffing

  1. #21
    Member
    Join Date
    Nov 2007
    Posts
    220

    Default

    Arp Bridge/Proxy I think the term is?
    wtf?

  2. #22
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    About as secure as employing Michael Jackson as the bodyguard for your 13 year old son

    Implement some auditing software across the whole network. The software at my university doesn't allow hardly anything to be executed. And if you want to execute something you have to ask for permission. However, I did write a bat script that I dropped into the startup folder; using a simple elevation trick I managed to bypass this security. I executed nmap, then went and got a technician to come and see what I had done.
    I then had to teach the so-called technician how to add a line of code to the unallowed section of the auditing conf. Point is, know your software: exactly what, how and why it works. As for wireless, like I said before, it's only secure until someone finds a way to make it unsecure. You don't want your network being vulnerable to this new attack, so make sure when your network has been infiltrated, pulling out info is still hard work. So with the right restrictions, right security, right data encryption and proper monitoring of your network, you're making it as safe as can be FOR NOW.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  3. #23
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Quote Originally Posted by killadaninja View Post
    About as secure as employing Michael Jackson as the bodyguard for your 13 year old son

    Implement some auditing software across the whole network. The software at my university doesn't allow hardly anything to be executed. And if you want to execute something you have to ask for permission. However, I did write a bat script that I dropped into the startup folder; using a simple elevation trick I managed to bypass this security. I executed nmap, then went and got a technician to come and see what I had done.
    I then had to teach the so-called technician how to add a line of code to the unallowed section of the auditing conf. Point is, know your software: exactly what, how and why it works. As for wireless, like I said before, it's only secure until someone finds a way to make it unsecure. You don't want your network being vulnerable to this new attack, so make sure when your network has been infiltrated, pulling out info is still hard work. So with the right restrictions, right security, right data encryption and proper monitoring of your network, you're making it as safe as can be FOR NOW.
    In the future please edit your posts instead of making a new post 5 mins later.

  4. #24
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    Sorry Ph, it was an accident. I'll make sure it doesn't happen again.

  5. #25
    Junior Member
    Join Date
    Jul 2007
    Posts
    56

    Default

    Using Bridge ARP (I hope it's the correct term, I've never heard or used it though) is not feasible as the no. of PCs involved is too many, with numerous layer 2 switches in different blocks.
    Setting permissions on individual PCs is not possible either. Only a few PCs are in the domain and we have only that many licenses of anti-virus software.
    These are the few major roadblocks.
    I tried using SSH, HTTPS for logging into servers and external websites, but found out that most of these passwords were being sniffed out too. Considering how many times we need to remotely log in to our servers from different locations (subnets), it gets serious. I've been looking for a foolproof way to ensure that passwords don't get sniffed in the network like it's possible now. Catching the guys who do it is a bit difficult considering the no. of users involved and the available manpower and resources.
    I am not arrogant, just better than you.

  6. #26
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default

    Quote Originally Posted by snake eyes View Post
    Using Bridge ARP (I hope it's the correct term, I've never heard or used it though) is not feasible as the no. of PCs involved is too many, with numerous layer 2 switches in different blocks.
    Setting permissions on individual PCs is not possible either. Only a few PCs are in the domain and we have only that many licenses of anti-virus software.
    These are the few major roadblocks.
    I tried using SSH, HTTPS for logging into servers and external websites, but found out that most of these passwords were being sniffed out too. Considering how many times we need to remotely log in to our servers from different locations (subnets), it gets serious. I've been looking for a foolproof way to ensure that passwords don't get sniffed in the network like it's possible now. Catching the guys who do it is a bit difficult considering the no. of users involved and the available manpower and resources.
    It would be much easier to manage if all of your computers were members of the domain. Why aren't they? If it is a Windows network, maybe look into an IPsec solution for encrypting LAN traffic. Also, I'm not exactly sure, but aren't there IDS systems that would detect LAN sniffing?

  7. #27
    Junior Member Amlord1's Avatar
    Join Date
    Nov 2008
    Posts
    78

    Default

    Okay. I just thought of this, and it's probably a long shot.

    You know how some firewall programs block programs that you want to run on your computer?

    Would it be possible to use (or write) a network-wide firewall that would block certain programs (i.e. C&A, Metasploit, Ettercap, etc.) that are commonly and primarily used for the gaining of illegal information? If it's a corporate network, there should be no reason for the use of those on a PC, or ESPECIALLY for a corporate computer to have it installed or to be using it. From experience, it's nearly impossible to get around the admin settings... well, that's unless you go and download a bootable Slax CD... which isn't hard at all, as long as you know you aren't downloading a virus... Still, it could be made more secure...

    Feedback please.
    Originally Posted by pureh@te
    You may think it's stupid, but when you are posting online, sometimes spelling, grammar and thought put into the content of your posts is the only thing people have to measure you by and to determine the level of seriousness they should give you. So with that in mind I'd say "Yes", it's pretty important.

  8. #28
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Amlord1 View Post
    Okay. I just thought of this, and it's probably a long shot.

    You know how some firewall programs block programs that you want to run on your computer?

    Would it be possible to use (or write) a network-wide firewall that would block certain programs (i.e. C&A, Metasploit, Ettercap, etc.) that are commonly and primarily used for the gaining of illegal information? If it's a corporate network, there should be no reason for the use of those on a PC, or ESPECIALLY for a corporate computer to have it installed or to be using it. From experience, it's nearly impossible to get around the admin settings... well, that's unless you go and download a bootable Slax CD... which isn't hard at all, as long as you know you aren't downloading a virus... Still, it could be made more secure...

    Feedback please.
    If you're talking about someone running one of these applications on a computer owned by said corporation, you wouldn't need a firewall, you'd just enable a group policy that does not allow them to be installed/run on the machine. This is rather easily done.

    If you're talking about an intruder on the local LAN using their own machine you could take other measures. For your plan to work, you'd have to have a firewall capable of blocking those on every single machine, so you're talking about a software firewall on the OS. This of course would get cumbersome fast and rather impractical.

    In cases like this, physical security would be better. Unused network ports are disabled at the switch and can only be enabled by a request to IT. MAC addresses are whitelisted and unknown MACs found on the network send alerts to IT. As a policy, no outside machines may be connected to the corporate LAN; guest machines may be connected only inside a DMZ from the normal LAN.

    IDS/IPS sensors could be placed at various places on the LAN looking for suspicious traffic. Anything noticed would be alerted to IT. This all goes to a layered security approach, there is no one solution.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #29
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Quote Originally Posted by Amlord1 View Post
    Okay. I just thought of this, and it's probably a long shot.

    You know how some firewall programs block programs that you want to run on your computer?

    Would it be possible to use (or write) a network-wide firewall that would block certain programs (i.e. C&A, Metasploit, Ettercap, etc.) that are commonly and primarily used for the gaining of illegal information? If it's a corporate network, there should be no reason for the use of those on a PC, or ESPECIALLY for a corporate computer to have it installed or to be using it. From experience, it's nearly impossible to get around the admin settings... well, that's unless you go and download a bootable Slax CD... which isn't hard at all, as long as you know you aren't downloading a virus... Still, it could be made more secure...

    Feedback please.
    No, because things like ettercap and C & A are "sniffers" and don't work with ports. They basically redirect ARP requests. Metasploit or any other exploit framework for that matter can't be blocked because any shell code can pretty much be used with any port. There is no way to "port" block an exploit. You either need the service running on that port or you don't. The key is never letting an attacker anywhere near your LAN so that these tools are never used. The weakest link these days in a corporation is web applications, so another key thing to do is keep your web servers in a DMZ so even if they are compromised the "evil hackers" still cannot access your LAN. This can all easily be done with hardware firewalls and Cisco routers (or whatever you use).
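
Added example, not part of any post in this thread: a sketch of the monitoring side of posts #28 and #29, flagging MACs that are not on an allowlist and IP-to-MAC bindings that change, which is what redirected ARP looks like to a sensor. The log lines are constructed in the style of tcpdump's ARP output, and the allowlist and function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies in the style of tcpdump's one-line output.
SAMPLE = """\
09:00:01.100 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
09:00:02.200 ARP, Reply 10.0.0.20 is-at 00:11:22:33:44:20, length 28
09:00:05.300 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99, length 28
09:00:05.400 ARP, Reply 10.0.0.20 is-at de:ad:be:ef:00:99, length 28
09:00:09.500 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
"""

# Hypothetical allowlist of MAC addresses registered with IT.
ALLOWED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:20"}

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+(?:\.\d+){3}) is-at "
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def analyse(lines, allowed=ALLOWED_MACS):
    """Return alerts as (timestamp, kind, detail) tuples, in log order."""
    alerts = []
    ip_to_mac = {}                   # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)    # every IP a MAC has answered for
    unknown_seen = set()             # report each unknown MAC only once
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue                 # skip anything that is not an ARP reply
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        if mac not in allowed and mac not in unknown_seen:
            unknown_seen.add(mac)
            alerts.append((ts, "unknown-mac", mac))
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "binding-change", f"{ip} {prev} -> {mac}"))
        ip_to_mac[ip] = mac
        ips = mac_to_ips[mac]
        if ip not in ips:
            ips.add(ip)
            if len(ips) == 2:        # fire once, when a MAC claims a second IP
                alerts.append((ts, "mac-claims-many-ips", f"{mac} {sorted(ips)}"))
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE.splitlines()):
        print(*alert)
```

Routers doing proxy ARP and failover pairs legitimately answer for several IPs, so those MACs need to be excluded from the last check before alerts go to IT.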

  10. #30
    Junior Member Amlord1's Avatar
    Join Date
    Nov 2008
    Posts
    78

    Default

    Quote Originally Posted by pureh@te View Post
    No, because things like ettercap and C & A are "sniffers" and don't work with ports. They basically redirect ARP requests. Metasploit or any other exploit framework for that matter can't be blocked because any shell code can pretty much be used with any port. There is no way to "port" block an exploit. You either need the service running on that port or you don't. The key is never letting an attacker anywhere near your LAN so that these tools are never used. The weakest link these days in a corporation is web applications, so another key thing to do is keep your web servers in a DMZ so even if they are compromised the "evil hackers" still cannot access your LAN. This can all easily be done with hardware firewalls and Cisco routers (or whatever you use).
    Quote Originally Posted by streaker69 View Post
    If you're talking about someone running one of these applications on a computer owned by said corporation, you wouldn't need a firewall, you'd just enable a group policy that does not allow them to be installed/run on the machine. This is rather easily done.

    If you're talking about an intruder on the local LAN using their own machine you could take other measures. For your plan to work, you'd have to have a firewall capable of blocking those on every single machine, so you're talking about a software firewall on the OS. This of course would get cumbersome fast and rather impractical.

    In cases like this, physical security would be better. Unused network ports are disabled at the switch and can only be enabled by a request to IT. MAC addresses are whitelisted and unknown MACs found on the network send alerts to IT. As a policy, no outside machines may be connected to the corporate LAN; guest machines may be connected only inside a DMZ from the normal LAN.

    IDS/IPS sensors could be placed at various places on the LAN looking for suspicious traffic. Anything noticed would be alerted to IT. This all goes to a layered security approach, there is no one solution.

    Both make sense. Thanks.
