How to Silently trace if someone is SNIFFING my Network?
Thread: How to Silently trace if someone is SNIFFING my Network?

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    18

    How to Silently trace if someone is SNIFFING my Network?

    Hi, I have an NT4.0 network and I want to "silently" know if someone is "sniffing" my network and catch him red-handed, or at least know where the sniffing was initiated from, how long it ran, which sniffer utility or program was used, etc.

    Thanks in advance

  2. #2
    Junior Member
    Join Date
    Sep 2002
    Posts
    19
    Isn't that possible with a firewall like Norton Internet Security?

    I also know a proggie that I think would do the trick; it's called attacker.
    You can find it at http://www.foundstone.com

  3. #3
    Member
    Join Date
    Sep 2002
    Posts
    98
    There is no easy way of detecting such attacks; however, there are some ways of detecting promiscuous nodes on the network that need packet editing. I have to know what operating systems you use on the network (I know you have said that you use NT, but do you use other operating systems or other versions of Windows (9x, 2000) too or not?).

  4. #4
    Junior Member
    Join Date
    Oct 2002
    Posts
    18
    Well, I have 7 computer labs to look after, and yes, I have 2 of the 7 labs using Windows 2000 clients and all other labs using Windows NT4.0 clients, and all servers are Windows NT4.0.

    Any perfect anti-sniffing or sniff detector software, or any other strategy to sniff out the sniffing software?

    Please help...

  5. #5
    Member
    Join Date
    Sep 2002
    Posts
    98
    Some tools:

    http://www.l0pht.com/antisniff/
    http://www.securityfriday.com/ToolDo...iscan_003.html

    The attachment is a PDF file about sniffing and detection of promiscuous mode on local networks.
    I thought you might like to take a look at it.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    AntiSniff is a very useful program, but anybody knowing exactly how it works can, with some knowledge, bypass it.
    The best way to protect yourself efficiently is to monitor your network activity yourself (keep an eye on ARP packets) and to... sniff it!
    Somebody sniffing your network will probably try to do more. He will especially try to forge false packets (hijacking) and to use passwords that are not well protected. Doing this, he could reveal everything to another sniffer (you).

    To simplify your task you could create a honeypot.
    Life is boring. Play NetHack... --more--
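
The advice in post #6 to keep an eye on ARP packets, as an added example (not code from any poster in this thread): a passive watcher that parses raw Ethernet ARP frames and flags the signs of forged traffic, namely a sender address that disagrees with the Ethernet header, a reply no request was seen for, and an IP address that changes MAC. The names `parse_arp`, `ArpWatch`, `build` and `demo` and all addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def parse_arp(frame):
    """Return (eth_src, oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!HHHBB", frame[12:20]) != (0x0806, 1, 0x0800, 6, 4):
        return None
    (oper,) = struct.unpack("!H", frame[20:22])  # 1 = request, 2 = reply
    mac, ip = (lambda b: b.hex(":")), (lambda b: str(IPv4Address(b)))
    return mac(frame[6:12]), oper, mac(frame[22:28]), ip(frame[28:32]), ip(frame[38:42])

class ArpWatch:
    def __init__(self):
        self.table = {}       # sender IP -> MAC it last claimed
        self.pending = set()  # (requester IP, requested IP) still unanswered

    def observe(self, frame):
        parsed, alerts = parse_arp(frame), []
        if parsed is None:
            return alerts
        eth_src, oper, sha, spa, tpa = parsed
        if eth_src != sha:  # Ethernet header and ARP body disagree: hand-built packet
            alerts.append(f"src-mismatch {spa}: sent by {eth_src}, claims {sha}")
        if oper == 1:
            self.pending.add((spa, tpa))
        elif oper == 2 and (tpa, spa) in self.pending:
            self.pending.discard((tpa, spa))
        elif oper == 2:     # a reply that answers no request we saw
            alerts.append(f"unsolicited-reply {spa} -> {tpa}")
        known = self.table.get(spa)
        if known and known != sha:
            alerts.append(f"mac-change {spa}: {known} -> {sha}")
        self.table[spa] = sha
        return alerts

def build(eth_src, oper, sha, spa, tpa):
    """Constructed sample frame: broadcast Ethernet header + ARP body, target MAC zeroed."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xff" * 6 + raw(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + raw(sha) + IPv4Address(spa).packed + bytes(6) + IPv4Address(tpa).packed)

def demo():
    gw, pc, other = "00:10:5a:00:00:01", "00:10:5a:00:00:22", "00:10:5a:00:00:66"  # constructed
    frames = [build(pc, 1, pc, "10.0.0.22", "10.0.0.1"),        # PC asks for the gateway
              build(gw, 2, gw, "10.0.0.1", "10.0.0.22"),        # gateway answers
              build(other, 2, other, "10.0.0.1", "10.0.0.22")]  # second, unrequested answer
    w = ArpWatch()
    return [w.observe(f) for f in frames]
```

On a live network the frames would come from a capture on a monitoring port; a MAC change can also be a legitimate NIC swap or DHCP reassignment, so alerts need checking against inventory.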

  7. #7
    All you need to do, mate, is download an exe that gives out a fake ISP address. I cannot remember what it is called, but it is good to have. And download Norton firewall or ZoneAlarm; I use them both and they are good. You can crack ZoneAlarm so you don't have to buy it or anything, lol. ;-)

  8. #8
    Junior Member
    Join Date
    Oct 2002
    Posts
    18
    To simplify your task you could create an honeypot.


    What is a "Honeypot"?

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    HoneyPots

    amir4u:

    A "honeypot" (in layman's terms) is pretty much a server or computer set aside from your network whose purpose is merely to act as "bait". You don't really work on this server or PC; rather, you just set up an IDS, a packet sniffer, firewall, etc. But it goes like this: an attacker scans your network, sees that one of the PCs is vulnerable (the honeypot), he attacks it/hacks it/whatever, you get his IP address, and turn him in.

    Read this thread for more information on what more you can do with honeypots, and a more in-depth approach to them.
    ...This Space For Rent.

    -[WebCarnage]

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    If I remember right, AntiSniff works by checking if certain hosts' stack "involuntarily" responds to certain packets that are not addressed to its real IP but that it still gets because it is in promiscuous mode. "Workarounds": neutered (no transmit) NIC or cable, modified stack...


    Ammo
    Credit travels up, blame travels down -- The Boss