![]() |
|
|||
![]()
I have a FBSD updated box 7.1 stable acting as a gateway of 100 pcs , using ipfw , natd , squid .
Is there any way to detect or prevent network sniffing by the clients? I have heard about using and IDS , are there other efective tecniques? thanks in advance! |
|
|||
![]()
If the client does passive scanning it will be hard to prevent and detect this. But there are some limitations for the clients: If you use a switched network, they will only see traffic going the their own machines. To use a capturing software they usually need to be root / administrator. If you restrict the clients to ordinary users, it will be hard to start the capturing software.
However, if they are able to start software as root / administrator (i.e. by eploiting the local machine, password guessing etc.) they can capture network traffic. This is also true if they can just plug-in their own computer (i.e. a private laptop). They can use a technique called ARP-poisoning then to redirect traffic from other machines to their client. The latter should be detected by IDS software like snort or others. It may also be able to detect the addition of new hosts to the network. |
|
|||
![]()
thanks for answering i will try an ids! i ll tell you what happened!
|
|
|||
![]()
Nmap has a script called sniffer-detect that looks for network cards that are in promiscuous mode. I understand there's other ways to sniff traffic without putting your NIC in promiscuous mode but this script might give you a quick idea what's going on.
Last edited by SteveJones; 25th January 2010 at 07:12 PM. |
|
|||
![]()
lol
That's ok just thought I would put my .2 cents in ![]() Nice site here by the way. |
![]() |
Thread Tools | |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Problem Network (3.1, 4, 5) | ahlsner | NetBSD General | 13 | 6th August 2009 09:29 PM |
Network bottleneck | mapcorp | OpenBSD General | 2 | 29th June 2009 08:24 PM |
What's up with O'Reilly Network? | ocicat | Off-Topic | 3 | 22nd June 2008 12:05 PM |
How do I get network logs? | Johnny2Bad | FreeBSD General | 2 | 22nd May 2008 05:37 PM |
Windows network | PatrickBaer | FreeBSD General | 3 | 19th May 2008 02:23 PM |