how to block MSN Sniffer

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

I have a question: in my network, one of my users is using MSN Sniffer, monitoring all the MSN conversations. I know the IP address of the person doing this.
I want to know, is there any way to stop that guy from doing that without him knowing anything, or do anything that will stop any sniffing applications?

I am using simple MAC Address Based Authentication through IPTABLES and using Squid as a Proxy and caching server.

Looking Forward for some help.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

use more switches on your network.

Post by mudasir »

AOA

Can I have a better solution?

Because as LAMBDA stated
> use more switches on your network.
The person who is using the "SNIFFER" is almost 15 to 18 switches away from Server. So how many more switches should I use to avoid it?

And one more thing, how to block particular applications from server as done in ISA Firewall.

Looking forward to get more appropriate SOLUTION.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by lambda »

i don't see how the person can sniff other switch ports' packets, unless he's doing some sort of mac address spoofing. in which case, use managed switches -- something i'm pretty certain i pointed out several months ago.

please don't use ambiguous and useless terms like "server". there is no "server" for the network; the network works without a "server".

Post by mudasir »

AOA,

Dear Lambda, I know that network works without 'SERVER', but I am looking forward for a solution. I am not facing any problem on PCs, however many of my users are complaining regarding this issue.

Looking forward for some help in this regard.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

mudasir wrote:
> AOA,
>
> Dear Lambda, I know that network works without 'SERVER', but I am looking forward for a solution. I am not facing any problem on PCs, however many of my users are complaining regarding this issue.
>
> Looking forward for some help in this regard.

Well, are you sure he is using such a sniffer?
Or maybe he is using spyware to get the chats?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

Post by mudasir »

AOA,

I am not sure whether that guy is using a SNIFFER or a SPYWARE, but I am sure that he is using something to monitor conversations.

So how can I stop this?
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by lambda »

unplug him.

Post by mudasir »

AOA,

Not looking for this sort of solution :D ..

Anyways... I was just curious to know whether this thing can be blocked or not... :roll:
Now I know that this SNIFFER thing cannot be blocked....

As I told earlier, I am not the one facing this problem.... Many of my users complained to me about this... So it's not my job to do this.... Still, I was looking for a solution....

And Thanks to all of you for sharing your IDEAS with me...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
compucated
Naik
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
Location: Karachi, Pakistan
Contact:

Post by compucated »

Well, first take a look at Sniffers: Basics and Detection
http://cns.tstc.edu/cpate/LINUX/Linux_How2/Sniffers.htm for better understanding.

The packets of MSN Messenger are sent over the network in cleartext form, which makes it highly insecure. It's better to use some encrypting application to secure chat packets, i.e. http://www.secway.fr/us/products/simplite_msn/home.php

It's extremely difficult to detect sniffers, however see some useful links for Sniffer Detection.
http://sniffdet.sourceforge.net/faq.html
http://packetstorm.linuxsecurity.com/sn ... antisniff/

Post by lambda »

mudasir wrote:
> Not looking for this sort of solution :D ..

why not? it's almost guaranteed to work.

> Anyways... I was just curious to know whether this thing can be blocked or not... :roll:
> Now I know that this SNIFFER thing cannot be blocked....

says who? if it's a networking-related hack, switch to managed switches, and lock switch ports to mac addresses. if it works with spyware, clean the infected systems and install the latest security updates.

> As I told earlier, I am not the one facing this problem.... Many of my users complained to me about this... So it's not my job to do this.... Still, I was looking for a solution....

and you're rejecting all the provided solutions. no wonder you think there is no way to "block" the sniffer.
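
An added example, not part of any post in this thread: lambda's point that sniffing across switch ports implies some sort of MAC address spoofing can be checked from the Linux gateway by comparing its neighbor table (`ip neigh show`) with the IP-to-MAC bindings already kept for the MAC-based authentication. The addresses, the interface name and the `AUTHORIZED` table are constructed sample data, and `parse_neigh` and `audit` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample data: IP -> MAC bindings the gateway is assumed to
# hold already for its MAC-based authentication rules.
AUTHORIZED = {
    "192.168.1.20": "02:00:00:00:00:20",
    "192.168.1.21": "02:00:00:00:00:21",
    "192.168.1.57": "02:00:00:00:00:57",
}

# Constructed sample of `ip neigh show` output as seen on the gateway.
SAMPLE_NEIGH = """\
192.168.1.20 dev eth1 lladdr 02:00:00:00:00:57 REACHABLE
192.168.1.21 dev eth1 lladdr 02:00:00:00:00:21 STALE
192.168.1.57 dev eth1 lladdr 02:00:00:00:00:57 REACHABLE
192.168.1.99 dev eth1  FAILED
192.168.1.30 dev eth1 lladdr 02:00:00:00:00:30 DELAY
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b", re.M)

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    return [(ip, mac.lower()) for ip, mac in NEIGH_RE.findall(text)]

def audit(neigh_text, authorized):
    """Flag neighbor entries that contradict the authorized bindings."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in parse_neigh(neigh_text):
        by_mac[mac].append(ip)
        expected = authorized.get(ip)
        if expected is None:
            findings.append(("unknown-host", ip, mac))
        elif expected.lower() != mac:
            # The IP is answering with a MAC other than the registered one.
            findings.append(("binding-mismatch", ip, mac))
    for mac, ips in by_mac.items():
        # One MAC answering for several IPs: expected for a router or a
        # proxy-ARP device, suspicious for an ordinary client.
        if len(ips) > 1:
            findings.append(("mac-claims-many-ips", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE_NEIGH, AUTHORIZED):
        print(f"{kind:22} {ip:30} {mac}")
```

This only sees spoofing aimed at the gateway's own cache; the same comparison on a client's neighbor table covers spoofing of the gateway's address.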

Post by mudasir »

AOA,

Dear Compucated, thanks for the answer..

Dear Lambda, may I know why you always point out little things in others' posts...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by lambda »

you have a problem. you're given several solutions. you reject them because you don't understand the problem.

not understanding the problem is a "little thing" for you. for the people trying to help you, it's a major frustration.

i promise not to point out the little things in your future posts.

Post by mudasir »

AOA,

Dear Lambda,
I have not rejected any of the solutions that were posted in answer to my problem, however those solutions provided by more experienced people than me were not what I was looking for....

So please don't take this personally or anything like that...

And I know what the problem is, as I have clearly stated it in my first post.

So please don't mind...

Take Care
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Post by raheelahmad »

By using ISA Server, software signatures can be easily blocked. Although I am also not an MS lover, just as ISA blocks MSN and Yahoo, it can also block any application on the client side ...
Have a look into this .. you can try this solution in a VM lab ...

But if you are using the great Linux, solutions will be different ...
-
Raheel Ahmad