All this discussion about sniffers has prompted me to accelerate the
following announcement:
Enigma Logic's www page, under development for the past several weeks,
is now up and running at:
http://www.safeword.com
It has a lot of links to firewall-related stuff, and offers the ability
to instantly download free demonstration versions of SafeWord's software-
based, non-replayable dynamic password system. This is not full encryption,
but it offers very good protection against unathorized breakins, even if
sniffers are capturing and compromising conventional passwords. It has
interfaces to TACACS, TACACS+, RADIUS, and to several commercial and/or
public-domain firewall packages.
This web page is still under development, and I don't know for sure how
our 128K ISDN link will stand up to the strain if everybody tries to
access at once, but I'd like to get some feedback. I hope you like it.
Bob Bosen
Enigma Logic Inc.
2151 Salvio St. #301
Concord, CA 94520
USA
Tel: +1 510 827-5707
Internet: bbosen @
netcom .
com
anonymous ftp archives: ftp.safeword.com /pub/Safeword
**************************************************************************
* "It wasn't me!!! Somebody must have captured my username/password!!!" *
**************************************************************************
On Mon, 30 Oct 1995 Mark_W_Loveless @
smtp .
bnr .
com wrote:
> 1 - You assume Unix in most cases. Non-IP cards can still get stuff,
> even from IP stations, when in promiscuous mode. You're talking raw
> packets here.
>
> 2 - Most cards have built into them the ability to report total
> packets received (and passed up the OSI chain). These usually are not
> protocol dependent. Certain IPX calls can retrieve this data (the IPX
> Responder code, used for diagnostics).
>
> 3 - Bay Systems 5000 concentrators can detect and PARTITION OFF an
> unauthorized sniffer.
>
> Mark
>
>
> ______________________________ Reply Separator _________________________________
> Subject: Re: How protect against sniffers?
> Author: mcn @
EnGarde .
com at internet
> Date: 10/29/95 11:21 PM
>
>
> In article <Pine .
SUN .
3 .
91-heb-2 .
05 .
951028191421 .
10343A-100000 @
actcom .
co .
il> you
> write:
> >
> >>> in these day I've found several students using sniffers programs...How can I
> >>> protect my systems? Can you suggest me any source of informations about
> >>> sniffers programs?
>
> >Kerberos and S/key makes sniffing more or less obsolete.
> >In addition you could code a program to scan for a promiscuous mode and
> >alert the admins if found..
>
> Kerberos and S/Key (or smartcards) do *NOT* make sniffing obsolete. See
>
> http://www.engarde.com/software/ipwatcher
>
> for a product which (while not it's intended purpose) can hijack S/Key or
> Kerberos authenticated sessions.
>
> Full encryption or packet-level authentication is the only way to go, and
> this will continue to be the case for the foreseeable future. There are several
> good packages which will help protect from sniffing and the IP spoofing family
> of attacks.
>
> 1) Kerberos: but MAKE SURE Encryption is not only the default, but it's
> enforced. Unfortunately, Kerberos (and it's related tools) seem to only turn
> on encryption if the user specifies some obscure flag (which is most likely
> rarely the case). The latest telnet daemon (94.02.07) allows the admin to
> force all incoming connections to be encrypted and authenticated. This is
> a step in the right direction!
> ftp://aeneas.mit.edu/pub/kerberos{README.KRB4, README.KRB5_BETA5}
>
> 2) STEL: This was probably the first stand-alone encryption connection package
> out, and looked promising at the time. A paper was presented on it at Usenix
> '95, and it went through the proper beta-testing cycle. (It had around 100
> very reputable people looking through the source). After Usenix, updates
> to STEL seemed to stop...
> ftp://idea.sec.dsi.unimi.it/pub/security/cert-it/{STEL.ps, f95_stel.ps, stel}
>
> 3) SSH: This has a lot more features than STEL and the author is very
> responsive if any problems are found. Fortunately (or unfortunately), many are.
> I remember one weekend when 3 versions were released in a matter of hours.
> :-) I'd definitely suggest picking this package up--it supports encrypted
> X displays among other nice things.
> ftp://ftp.cs.hut.fi/pub/ssh/{README, ssh-1.2.0.tar.gz}
>
> As for more information on sniffers, Chris Klaus ocasionally posts a
> sniffer FAQ to the comp.security.* newsgroups.
> http://www.iss.net/iss/addsec.html
>
> Hope that's helpful!
>
> -Mike Neuman
> mcn @
EnGarde .
com
> http://www.engarde.com
>
>
Follow-Ups:
|
|
