Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
My LAN is full of people running sniffers, watching each other..
Just wanted to ask how to stop them, or just know who is running them..
:S
Hope someone could give me a solution..
NOTE: most of the sniffing is sniffing on IRC connections..
I am not sure about this (read it some time back), but if you
send a fake echo message to broadcast with a non-existing
MAC address, then only those IPs will respond to it which are
in promiscuous mode..... How to do it is beyond me....
"While Neped cannot guarantee to discover the sniffer (a sniffer can be a non-Linux machine, a Linux running patched kernel that does not have this flaw or a Linux machine that has ARP disabled), it is useful addition to any security toolbox."
Anyway..
Can you give me links....
There are a couple of ways to try to detect a sniffer. The couple I know of are:
1 - Send a ping with a nonexistent MAC but the IP of a host that you think is sniffing (or all the hosts). The sniffer host should reply.
2 - (As mentioned) send a nonexistent MAC on a broadcast IP.
There are a few more tests, but I can remember.
Unfortunately, there is no guarantee that you can detect it. You can turn off ICMP, which would prevent those. Or you can have a cable that doesn't have the transmit cable hooked up.
The best solution (if you own the network) is to run a switched network. This is a lot safer. Then you can run something like arpwatch to detect ARP spoofing and log bad MAC addresses to detect a MAC table flood.
I think the only way to stop sniffing is using an SSH connection or PGP or some encryption program. For e-mail, I know Yahoo supports this and I think Hotmail does also. I think the next version of gaim is supposed to support encryption also, but the person you IM must have the key.
Other than that, don't do anything you don't want sniffed. Or there's always dialup; they would have a hard time finding you.
___________________________________
Don't make me go back, I'd rather marry my ex-wife
The two ways to switch a switch are:
1 - ARP spoof as the gateway, then see all the traffic to the gateway
2 - Flood the MAC table in the switch, which causes it to fail into open mode (like a hub)
The tools you mention use one of these two methods. These can be detected by looking for ARP spoofing (arp watch) and looking for bad MACs on the network (i.e. your sniffer).
And as always, clear text protocols are BAD. But if you have to use irc, there isn't much else you can do.
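
Added example (not part of the thread, and not arpwatch's own code): a minimal sketch of the two detections mentioned above, an IP whose MAC address changes and a burst of never-before-seen MACs. The input format, the function names and the flood thresholds are assumptions chosen for illustration.

```python
from collections import deque

# Constructed sample: "<unix-seconds> <ip> <mac>" per observed ARP reply.
SAMPLE = """\
100 192.168.1.1 00:11:22:33:44:55
101 192.168.1.20 00:aa:bb:cc:dd:01
130 192.168.1.1 00:aa:bb:cc:dd:01
131 192.168.1.1 00:11:22:33:44:55
"""

def parse(text):
    """Yield (ts, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def detect(observations, flood_window=10, flood_limit=50):
    """Return alerts for IP->MAC changes and bursts of new MACs.

    flood_window (seconds) and flood_limit (new MACs) are assumed
    values; tune them to the size of the LAN being watched.
    """
    ip_to_mac = {}        # last MAC seen answering for each IP
    seen_macs = set()     # every MAC observed so far
    recent_new = deque()  # timestamps at which a MAC was first seen
    flooding = False      # suppress repeat alerts during one burst
    alerts = []
    for ts, ip, mac in observations:
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            # Same IP, different hardware address: possible ARP spoofing.
            alerts.append(("changed", ts, ip, old, mac))
        ip_to_mac[ip] = mac
        if mac not in seen_macs:
            seen_macs.add(mac)
            recent_new.append(ts)
        while recent_new and recent_new[0] <= ts - flood_window:
            recent_new.popleft()
        if len(recent_new) > flood_limit and not flooding:
            # Many unknown MACs at once: possible switch table flood.
            alerts.append(("flood", ts, len(recent_new)))
            flooding = True
        elif len(recent_new) <= flood_limit:
            flooding = False
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

A legitimate hardware swap or DHCP reassignment also produces a "changed" alert, so alerts on the gateway's IP deserve the closest attention.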