how to block MSN Sniffer

Protecting your Linux box

Postby mudasir » Thu Aug 23, 2007 7:14 am

AOA,

I have a question: in my network one of my users is using MSN Sniffer, monitoring all the MSN conversations. I know the IP address of the person doing this.
I want to know: is there any way to stop that guy from doing that without him knowing anything, or to do anything that will stop any sniffing applications?

I am using simple MAC Address Based Authentication through IPTABLES and using Squid as a Proxy and caching server.

Looking Forward for some help.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby lambda » Thu Aug 23, 2007 11:47 am

use more switches on your network.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Thu Aug 23, 2007 7:45 pm

AOA

can i have a better solution.

because as LAMBDA stated:
"use more switches on your network."

The person who is using the "SNIFFER" is almost 15 to 18 switches away from Server. So how many more switches should i use to avoid it.

And one more thing, how to block particular applications from server as done in ISA Firewall.

Looking forward to get more appropriate SOLUTION.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby lambda » Thu Aug 23, 2007 8:41 pm

i don't see how the person can sniff other switch ports' packets, unless he's doing some sort of mac address spoofing. in which case, use managed switches -- something i'm pretty certain i pointed out several months ago.

please don't use ambiguous and useless terms like "server". there is no "server" for the network; the network works without a "server".
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Thu Aug 23, 2007 9:47 pm

AOA,

Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.

Looking forward for some help in this regards.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby kbukhari » Fri Aug 24, 2007 12:36 pm

mudasir wrote:AOA,

Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.

Looking forward for some help in this regards.

well, are you sure he is using such a sniffer?
or maybe he is using spyware to get the chats?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

Postby mudasir » Sat Aug 25, 2007 12:19 am

AOA,

I am not sure whether that guy is using a SNIFFER or a SPYWARE, but i am sure that he is using something to monitor conversations.

So how can i stop this... ???
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby lambda » Sat Aug 25, 2007 11:28 am

unplug him.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Sat Aug 25, 2007 11:10 pm

AOA,

Not looking for this sort of solution :D ..

Anyways...i was just curious to know whether this thing can be blocked or not... :roll:
Now i know that this SNIFFER thing can not be blocked....

As i told earlier i am not the one facing this problem....many of my users complained to me about this...So it's not my job to do this....still i was looking for a solution....

And Thanks to all of you for sharing your IDEAS with me...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby compucated » Sun Aug 26, 2007 12:58 am

well, first take a look at Sniffers: Basics and Detection
http://cns.tstc.edu/cpate/LINUX/Linux_How2/Sniffers.htm for better understanding.

The packets of MSN Messenger are sent over the network in cleartext form, which makes it highly insecure. It's better to use some encrypting application to secure chat packets, i.e. http://www.secway.fr/us/products/simplite_msn/home.php

It's extremely difficult to detect sniffers, however see some useful links for Sniffer Detection.
http://sniffdet.sourceforge.net/faq.html
http://packetstorm.linuxsecurity.com/sniffers/antisniff/
compucated
Naik
 
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
WLM: compucated(at)msn(dot)com
Yahoo Messenger: activatedpower(at)yahoo(dot)com
Location: Karachi, Pakistan

Postby lambda » Sun Aug 26, 2007 3:09 am

mudasir wrote:Not looking for this sort of solution :D ..

why not? it's almost guaranteed to work.

mudasir wrote:Anyways...i was just curious to know whether this thing can be blocked or not... :roll:
Now i know that this SNIFFER thing can not be blocked....

says who? if it's a networking-related hack, switch to managed switches, and lock switch ports to mac addresses. if it works with spyware, clean the infected systems and install the latest security updates.

mudasir wrote:As i told earlier i am not the one facing this problem....many of my users complained to me about this...So it's not my job to do this....still i was looking for a solution....

and you're rejecting all the provided solutions. no wonder you think there is no way to "block" the sniffer.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Sun Aug 26, 2007 4:21 am

AOA,

Dear Compucated, thanks for the answer..

Dear Lambda, may i know why you always point out little things in others' posts...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby lambda » Sun Aug 26, 2007 2:56 pm

you have a problem. you're given several solutions. you reject them because you don't understand the problem.

not understanding the problem is a "little thing" for you. for the people trying to help you, it's a major frustration.

i promise not to point out the little things in your future posts.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby mudasir » Sun Aug 26, 2007 7:38 pm

AOA,

Dear Lambda,
I have not rejected any of the solutions that were posted in answer to my problem, however those solutions provided by people more experienced than me were not what i was looking for....

So please don't take this personally or anything like that...

And i know what the problem is, as i have clearly stated it in my first post.

So please don't mind...

Take Care
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Postby raheelahmad » Sat Sep 01, 2007 2:42 pm

By using ISA server, software signatures can be easily blocked. Although i am also not a MS lover, just like ISA blocks MSN and Yahoo it can also block any application on the client side ...
have a look into this .. you can try this solution in a VM lab ...

But if you are using the great Linux, solutions will be different ...
-
Raheel Ahmad
raheelahmad
Naik
 
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
WLM: ahmad.raheel@hotmail.com
Yahoo Messenger: ahmad.raheel@yahoo.com
Location: Karachi

