Network Security Security-Basics

Subject: Re: AW: How to stop Admins from sniffing ?
Date: Fri, 28 Jul 2006 08:32:21 -0600 (MDT)
Hey List

I work in a small organisation and the system and network administrators
here are constantly monitoring all data in the network. I have seen them
running Ethereal on their systems and from their talks I am sure that
they know who is doing what. I'm using Windows XP and I have a personal

I think some folks are forgetting that there are non-security reasons to
sniff traffic as a Sys Admin.  The foremost reason is troubleshooting. 
Sometimes, the only way to figure out what is really going on is to see
what the client and server are "saying" to each other.  I've used that
method myself many times to fix problems that had the vendor scratching
their head.

That said, if the IDS picked up some suspicious behavior or someone is
performing a simple network IP usage audit (ping-sweep), then port scans
have their usage in determining if you have a false positive or if an IP
is in use and by whom.

From a "watch everything" perspective -- it's simply not feasible in most
shops in terms of man-hours.  Most of us have to let the automated tools,
such as Snort, distill the volume of traffic down and alert us to the
suspicious issues.  Then, we are obligated to check each and every one of
those distilled issues out.  And it's even easier to prevent people from
getting to sites than punishing them afterwards.

Do you have Sys Admins abusing Ethereal?  Hard to say...you sound like a
junior level IT guy without a lot of privileges.  I'm not knocking you,
but pointing out how you sound in the email.

If you're going to forbidden sites, even if the payload is encrypted via
SSL or SSH, you are going to get caught.  Those packets do contain
information about your source/destination traffic that Ethereal and IDS or
proxy solutions will spot.

What little you described doesn't disturb me.  There's simply not enough
information.

Sincerely,

Bryan S. Sampsel
LibertyActivist.org
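The point Bryan makes about encrypted traffic still giving away where you are going can be shown concretely. The block below is an added example written for this archive page, not code from the original post or from Ethereal/Snort: it builds a constructed Ethernet/IPv4/TCP frame carrying a TLS ClientHello (the frame, addresses, ports and the hostname forbidden.example are all made up for the example), then parses the frame the way a sniffer or IDS would and recovers everything that is never encrypted: source and destination IP, the ports, and the Server Name Indication (SNI) hostname. The SNI part goes a little beyond the 2006 post, which only mentions source/destination addressing; it assumes a client that sends SNI, which is standard in modern TLS clients.

```python
"""Added example: what a packet sniffer still sees when the payload is TLS.

Everything here is constructed for the example; the frame is not a real
capture and forbidden.example is a placeholder hostname.
"""
import socket
import struct


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying an SNI extension
    (constructed sample input; only the fields needed to be parseable)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host  # name type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # ext type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"             # client_version: TLS 1.2
        + b"\x00" * 32          # random (zeroed for the example)
        + b"\x00"               # session_id length 0
        + b"\x00\x02\x00\x2f"   # cipher_suites: one suite
        + b"\x01\x00"           # compression_methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Wrap a payload in constructed Ethernet/IPv4/TCP headers (checksums left at 0)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def parse_sni(payload: bytes):
    """Return the SNI hostname from a TLS ClientHello record, or None."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                       # not a handshake record / not ClientHello
    p = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
    p += 1 + payload[p]                   # session_id
    p += 2 + struct.unpack("!H", payload[p:p + 2])[0]   # cipher_suites
    p += 1 + payload[p]                   # compression_methods
    if p + 2 > len(payload):
        return None                       # no extensions block at all
    end = p + 2 + struct.unpack("!H", payload[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", payload[p:p + 4])
        p += 4
        if etype == 0 and elen >= 5:
            # list length (2) | name type (1) | name length (2) | name
            name_len = struct.unpack("!H", payload[p + 3:p + 5])[0]
            return payload[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += elen
    return None


def parse_frame(frame: bytes) -> dict:
    """Extract the metadata that stays in cleartext regardless of TLS."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "proto": ip[9]}
    if info["proto"] != 6:
        return info
    tcp = ip[ihl:]
    info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    info["sni"] = parse_sni(tcp[data_off:])
    return info


if __name__ == "__main__":
    frame = build_frame("10.0.0.5", "203.0.113.7", 51000, 443,
                        build_client_hello("forbidden.example"))
    print(parse_frame(frame))
```

The application data that follows the handshake is opaque to the sniffer, but the 5-tuple and the SNI name are exactly what a proxy log, an IDS rule or an Ethereal display filter would be matched against.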




