Security Basics mailing list archives

Re: switched n/w

From: H Carvey <keydet89 () yahoo com>
Date: 8 Dec 2004 13:57:32 -0000

In-Reply-To: <1102444223.2139.19.camel@Kaushal>

  Iam a bit new to network securities.We have a switched network and to
my knowledge a hosts' data cannot be sniffed by other host by runnning
tcpdump.But Iam receiving complaints from few users that their data is
being changed/manipulated.Is this possible?
How can I avoid this at the host level?Does this mean the server has
been compromised?Any help or pointer in this aspect would be highly
appreciated.


It sounds like you need to get more information from your users.  What do they mean when they say that their data has 
been changed?  I mention this, as it is entirely possible that there was no sniffing involved at all...one doesn't 
necessarily need to sniff the network in order to compromise a remote host, particularly when passwords are weak or 
non-existant.

H. Carvey
http://www.windows-ir.com
http://windowsir.blogspot.com

Current thread:

Re: switched n/w, (continued)
- Re: switched n/w Alexander Klimov (Dec 08)
- Re: switched n/w Grim (Dec 08)
- Re: switched n/w Jacob Weeks (Dec 08)
  - Re: switched n/w q q (Dec 09)
    - Re: switched n/w easternerd (Dec 10)
- Re: switched n/w xyberpix (Dec 09)
- RE: switched n/w Jeff Gercken (Dec 08)
- Re: switched n/w Ivan Coric (Dec 08)
- Re: switched n/w miguel . dilaj (Dec 08)
  - Re: switched n/w kaushal (Dec 08)
- Re: switched n/w H Carvey (Dec 08)
- Re: switched n/w Russell Gregg (Dec 08)