Security Basics mailing list archives
RE: How to stop Admins from sniffing ?
From: "Jeffrey Wei" <jeffrey.wei () cubic com>
Date: Tue, 8 Aug 2006 15:09:35 -0700
Forgive me for being naïve here, but how can you avoid sniffing with a HUB when you have no access to the server room? (I'm assuming the OP is not part of the domain admins staff member), but just your average employee. Even if you do have access to plug into one of the port switches in the server room, it is very likely that the Admins who are sniffing will have a hub or switch with port span situated at the primary level juncture of the AP he/she is using and thus by plugging your Hub at any other switch port is meaningless as all traffic will be captured anyways. Jeff -----Original Message----- From: Micheal Espinola Jr [mailto:michealespinola () gmail com] Sent: Tuesday, August 08, 2006 7:39 AM To: security-basics () securityfocus com Subject: Re: How to stop Admins from sniffing ? There's always the method connecting an intermediary hub on the switch port as well - if the switch doesn't have a spanning feature. I have a USB-powered hub glued to the back of the laptop for this very purpose. On 7/30/06, Murda Mcloud <murdamcloud () bigpond com> wrote:
If they're doing as much sniffing as you think then they'd prob pickup that your traffic is encrypted and start sniffing further. Encrypted traffic looks different to normal traffic. If they can't decode it\'read' it with ethereal then they will wonder why etc...and if it's part of their job then well, that's what they're meant to do...switches are one way of minimizing sniffing but even then spanning ports can get round this. -----Original Message----- From: cc [mailto:cc () belfordhk com] Sent: Friday, July 28, 2006 12:29 PM To: security-basics () securityfocus com Subject: Re: How to stop Admins from sniffing ? Didn't you write?:I work in a small organisation and the system and network administratorshere are constantly monitoring all data in the network. I have seen them running Etherreal on their systems and from their talks i am sure that they know who is doing what. I m using windows XP and i have a personal firewall installed which pop's up every few minutes saying that there is a port scan attack going on. And when i looked up that IP address it belongs to tbe system being used by the administrator. I have tried talking to my bosses about this but not happened ( maybe the admins convinced them that they are not doing anything like that or its happening by bosses permisson). i know since they are in same network as me its easy for them to sniff all traffic and everything.This all depends entirely on your company's policies (computer or otherwise). Are the Sys and Net admins sanctioned by the management to administer these monitors? You are, after all, working in a company and not at home and thusly, you'd have to follow the rules and regulations as dictated by your company. I am assuming that the computer you are using is company property. In my company, employees are not told they can't bring their own notebooks; but they are strictly prohibited in plugging it into the company network. The moment they do that, it is a breach in the network. Also, by encrypting your traffic, and knowing your sys/net admins are watching, would you not think they'd suspect something is wrong and take it as their job to investigate the reasons for your secrecy? You are doing company-work, are you not? They know your job nature. If you feel that your job requires encrypted traffic, then it is in your best interest to talk to the sys/net admins and the management.What i want to know from you ppl is that is there is anyway way to stopthis ?is it possible for me to encrypt all traffic going out from my system ?Take it up with the management and the sys/net admins. It really isn't our place to circumvent whatever computer system policies and protections you have going in your company. Edmund --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- ME2 --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --- [This E-mail scanned for Spam and Viruses by http://www.innovationnetworks.ca] --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: How to stop Admins from sniffing ? Micheal Espinola Jr (Aug 08)
- Re: How to stop Admins from sniffing ? Michael Krymson (Aug 10)
- <Possible follow-ups>
- RE: How to stop Admins from sniffing ? Jeffrey Wei (Aug 09)
- Re: RE: How to stop Admins from sniffing ? krymson (Aug 14)
- Re: RE: How to stop Admins from sniffing ? flur (Aug 16)
- RE: RE: How to stop Admins from sniffing ? Corbett, Tim D. (TD) (Aug 17)