LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Internet Security Class (http://www.linuxquestions.org/questions/linux-security-4/internet-security-class-681609/)

metallica1973 11-06-2008 03:24 PM

Internet Security Class
 
I will be taking a class soon on internet security and was asked the other day this question and I couldn't confidently answer the question:

A cracker who has phished information about you has discovered the ISP that you are using and your public ip address. Let say you are sending unencrypted email to an external smtp server, how would a cracker intercept the traffic and analyze it? how would that be done from the crackers computer?

rossonieri#1 11-06-2008 03:55 PM

hi metallica,

so ... what was your answer that made you feel so unconfident?
i think its fun ... let me hear your story and your analysis to your answer.

metallica1973 11-06-2008 04:10 PM

I am saying this hesitantly. I would imaging using some type of sniffing program associating it to that victims public ip address and using a analyzer like wireshark to analyze the data. I am having trouble picturing how it would be done coming from someone who has no experience in that arena. My under study is network security so bare with me.

rossonieri#1 11-07-2008 01:32 AM

hi,

actually, i'm a bit un-confident too when discussing security-related things in public area - so we have to be carefully limit our conversations :)

ok ... sniffing - that is a good approach.

and now, i think we must stop here - no offense, but you can always discuss any security-related thing in a closed study-group (eg. your classroom) and guided by your instructor - so you can understand exactly what you are/will doing.

win32sux 11-07-2008 01:45 AM

It's fine if you guys want to discuss possible answers to the question from the OP. This type of discussion benefits legitimate system administrators. All I ask is that you don't get into specifics - keep things theoretical. And please provide a brief overview on how to protect against the method of attack you are describing, if possible. Personally, I don't see how a bad guy suddenly finding out our ISP and public IP address would give him any substantial edge when it comes to intercepting our traffic. We should have been operating under the assumption that this information was available to him all along. Perhaps I'm not understanding the question properly.

OlRoy 11-07-2008 07:05 AM

The biggest problem with an attacker doing this is she probably isn't in the path the data is traveling so using a packet sniffer won't do any good...

Unless she can get the traffic to come to her with DNS cache poisoning or by compromising a router such as the targets default gateway, and forwards traffic to her computer. More reason to keep up-to-date with your patches.

metallica1973 11-07-2008 10:19 PM

So DNS poisoning would be one method and redirection of traffic. So as far as sniffing is concerned it would have to be done locally and physically on the network?


All times are GMT -5. The time now is 11:43 AM.