DaemonForums  

#1
28th January 2009
jleal
Network Sniffing

I have an updated FBSD 7.1 stable box acting as a gateway for 100 PCs, using ipfw, natd, squid.

Is there any way to detect or prevent network sniffing by the clients?

I have heard about using an IDS; are there other effective techniques?

Thanks in advance!
#2
1st February 2009
Darwimy

If the client does passive scanning, it will be hard to prevent and detect this. But there are some limitations for the clients: if you use a switched network, they will only see traffic going to their own machines. To use capturing software they usually need to be root / administrator. If you restrict the clients to ordinary users, it will be hard to start the capturing software.

However, if they are able to start software as root / administrator (i.e. by exploiting the local machine, password guessing etc.) they can capture network traffic. This is also true if they can just plug in their own computer (i.e. a private laptop). They can then use a technique called ARP poisoning to redirect traffic from other machines to their client.

The latter should be detected by IDS software like snort or others. It may also be able to detect the addition of new hosts to the network.
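Added example, not part of the original posts: a minimal version of the check described in the reply above, comparing two snapshots of the gateway's `arp -an` output to flag new hosts and the IP-to-MAC changes that ARP poisoning leaves in the ARP cache. It assumes FreeBSD's `arp -an` line format; the function names, addresses and MACs are constructed for illustration.

```python
import re
from collections import defaultdict

# One entry of FreeBSD `arp -an` output looks like:
#   ? (10.0.0.23) at 00:16:cb:00:00:23 on em1 [ethernet]
# "(incomplete)" entries carry no MAC and do not match.
ARP_LINE = re.compile(
    r"\((\d+\.\d+\.\d+\.\d+)\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\b", re.I)

def parse_arp(text):
    """Return {ip: mac} for every resolved entry in `arp -an` output."""
    return {m.group(1): m.group(2).lower() for m in ARP_LINE.finditer(text)}

def compare(baseline, current):
    """Return sorted (kind, detail) findings between two {ip: mac} snapshots."""
    findings = []
    for ip, mac in current.items():
        if ip not in baseline:
            findings.append(("new-host", f"{ip} {mac}"))
        elif baseline[ip] != mac:
            # Also fires on a legitimate NIC swap or DHCP reassignment.
            findings.append(("mac-changed", f"{ip} {baseline[ip]} -> {mac}"))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            # Typical of ARP poisoning, but also of IP aliases and proxy ARP.
            findings.append(("shared-mac", f"{mac} claims {', '.join(sorted(ips))}"))
    return sorted(findings)

# Constructed sample snapshots (addresses and MACs are made up).
BASELINE = """\
? (10.0.0.1) at 00:1b:21:00:00:01 on em1 permanent [ethernet]
? (10.0.0.23) at 00:16:cb:00:00:23 on em1 [ethernet]
? (10.0.0.24) at 00:16:cb:00:00:24 on em1 [ethernet]
"""
CURRENT = """\
? (10.0.0.1) at 00:1b:21:00:00:01 on em1 permanent [ethernet]
? (10.0.0.23) at 02:00:00:00:00:66 on em1 [ethernet]
? (10.0.0.24) at 00:16:cb:00:00:24 on em1 [ethernet]
? (10.0.0.66) at 02:00:00:00:00:66 on em1 [ethernet]
? (10.0.0.99) at (incomplete) on em1 [ethernet]
"""

if __name__ == "__main__":
    for kind, detail in compare(parse_arp(BASELINE), parse_arp(CURRENT)):
        print(f"{kind:12} {detail}")
```

Each finding is a lead to investigate rather than proof of sniffing, since address changes and shared MACs also have benign causes.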
#3
4th February 2009
jleal
thanks!

Thanks for answering, I will try an IDS! I'll tell you what happened!
#4
25th January 2010
SteveJones

Nmap has a script called sniffer-detect that looks for network cards that are in promiscuous mode. I understand there are other ways to sniff traffic without putting your NIC in promiscuous mode, but this script might give you a quick idea what's going on.

Last edited by SteveJones; 25th January 2010 at 07:12 PM.
#5
25th January 2010
Carpetsmoker

Just FYI, you are replying to a thread that is almost a year old
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
#6
25th January 2010
SteveJones

lol

That's ok just thought I would put my .2 cents in

Nice site here by the way.