how to block MSN Sniffer

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

how to block MSN Sniffer

Postby mudasir » Thu Aug 23, 2007 7:14 am

AOA,

I have a question, in my network one of my users is using MSN Sniffer, monitoring all the MSN conversations, i know the IP Address of the person doing this.
I want to know is there any way to stop that guy from doing that wothout him knowing anything or do anything that will stop any sniffing applications.

I am using simple MAC Address Based Authentication through IPTABLES and using Squid as a Proxy and caching server.

Looking Forward for some help.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Aug 23, 2007 11:47 am

use more switches on your network.

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Thu Aug 23, 2007 7:45 pm

AOA

can i have a better solution.

because as LAMBDA stated
use more switches on your network.


The person who is using the "SNIFFIER" is almost 15 to 18 switches away from Server. So how many more switches should i use to avoid it.

And one more thing, how to block particular applications from server as done in ISA Firewall.

Looking forward to get more appropriate SOLUTION.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Aug 23, 2007 8:41 pm

i don't see how the person can sniff other switch ports' packets, unless he's doing some sort of mac address spoofing. in which case, use managed switches -- something i'm pretty certain i pointed out several months ago.

please don't use ambiguous and useless terms like "server". there is no "server" for the network; the network works without a "server".

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Thu Aug 23, 2007 9:47 pm

AOA,

Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.

Looking forward for some help in this regards.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Postby kbukhari » Fri Aug 24, 2007 12:36 pm

mudasir wrote:AOA,

Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.

Looking forward for some help in this regards.
\


well are u sure he is using such sniffer ?
or may be he is using spy ware to get chatting ?
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sat Aug 25, 2007 12:19 am

AOA,

I am not sure wheather that guy is using a SNIFFER or a SPYWARE, but i am sure that he is using something to monitor conversations.

So how can i stop this... ???
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sat Aug 25, 2007 11:28 am

unplug him.

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sat Aug 25, 2007 11:10 pm

AOA,

Not looking for this sort of solution :D ..

Anyways...i was just curious to know wheather this thing can be blocked or not... :roll:
Now i know that this SNIFFER thing can not be blocked....

As i told earlier i am not the one facing this problem....many of my users complained me about this...So its not my job to do this....still i was looking for a solution....

And Thanks to all of you for sharing your IDEAS with me...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

compucated
Naik
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
Location: Karachi, Pakistan
Contact:

Postby compucated » Sun Aug 26, 2007 12:58 am

well, first take a look at Sniffers: Basics and Detection
http://cns.tstc.edu/cpate/LINUX/Linux_How2/Sniffers.htm for better understanding.

The packets of MSN Messenger are sent over the network in cleartext form which make it highly insecure, its better to use some encrypting application to secure chat packets i.e. http://www.secway.fr/us/products/simplite_msn/home.php

Its extremely difficult to detect sniffers, however see some useful links for Sniffer Detection.
http://sniffdet.sourceforge.net/faq.html
http://packetstorm.linuxsecurity.com/sniffers/antisniff/

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sun Aug 26, 2007 3:09 am

mudasir wrote:Not looking for this sort of solution :D ..
why not? it almost guaranteed to work.

Anyways...i was just curious to know wheather this thing can be blocked or not... :roll:
Now i know that this SNIFFER thing can not be blocked....
says who? if it's a networking-related hack, switch to managed switches, and lock switch ports to mac addresses. if it works with spyware, clean the infected systems and install the latest security updates.

As i told earlier i am not the one facing this problem....many of my users complained me about this...So its not my job to do this....still i was looking for a solution....
and you're rejecting all the provided solutions. no wonder you think there is no way to "block" the sniffer.

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sun Aug 26, 2007 4:21 am

AOA,

Dear Compucated thanx for answer..

Dear Lambda, may i know why you always point out little things in others post...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sun Aug 26, 2007 2:56 pm

you have a problem. you're given several solutions. you reject them because you don't understand the problem.

not understanding the problem is a "little thing" for you. for the people trying to help you, it's a major frustration.

i promise not to point out the little things in your future posts.

mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Postby mudasir » Sun Aug 26, 2007 7:38 pm

AOA,

Dear Lambda,
I have not rejected any of the solutions that were posted in answer to my problem, how ever those solutions provided by more experience people then me were not what i was looking for....

So please dont take this personal or anything like that...

And i know what the problem as, as i have clearly stated it in my first post.

So please dont mind...

Take Care
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi
Contact:

Postby raheelahmad » Sat Sep 01, 2007 2:42 pm

By using ISA server software signatures can be easily blocked , although i am not also a MS lover but like ISA block MSN n Yahoo it can also block any application on client side ...
have a look into thi s .. you can try this solutioin on VM LAb ................

But if you are using the gr8 linux solutions will be different ...............................
-
Raheel Ahmad


Return to “Security”

Who is online

Users browsing this forum: Google [Bot] and 1 guest