On Fri, 3 Nov 1995, Bob Bosen wrote:
>
> All this discussion about sniffers has prompted me to accelerate the
> following announcement:
>
> Enigma Logic's www page, under development for the past several weeks,
> is now up and running at:
>
> http://www.safeword.com
>
> It has a lot of links to firewall-related stuff, and offers the ability
> to instantly download free demonstration versions of SafeWord's software-
> based, non-replayable dynamic password system. This is not full encryption,
> but it offers very good protection against unauthorized breakins, even if
                                             ^^^^^^^^^^^^
Uhh,
Is there any other kind? Or are you the chief head director of the
Department of Redundancy Department?
> sniffers are capturing and compromising conventional passwords. It has
> interfaces to TACACS, TACACS+, RADIUS, and to several commercial and/or
> public-domain firewall packages.
>
> This web page is still under development, and I don't know for sure how
> our 128K ISDN link will stand up to the strain if everybody tries to
> access at once, but I'd like to get some feedback. I hope you like it.
>
>
>
> Bob Bosen
> Enigma Logic Inc.
> 2151 Salvio St. #301
> Concord, CA 94520
> USA
>
> Tel: +1 510 827-5707
> Internet: bbosen @ netcom . com
> anonymous ftp archives: ftp.safeword.com /pub/Safeword
> **************************************************************************
> * "It wasn't me!!! Somebody must have captured my username/password!!!" *
> **************************************************************************
>
> On Mon, 30 Oct 1995 Mark_W_Loveless @ smtp . bnr . com wrote:
>
> > 1 - You assume Unix in most cases. Non-IP cards can still get stuff,
> > even from IP stations, when in promiscuous mode. You're talking raw
> > packets here.
> >
> > 2 - Most cards have built into them the ability to report total
> > packets received (and passed up the OSI chain). These usually are not
> > protocol dependent. Certain IPX calls can retrieve this data (the IPX
> > Responder code, used for diagnostics).
> >
> > 3 - Bay Systems 5000 concentrators can detect and PARTITION OFF an
> > unauthorized sniffer.
> >
> > Mark
> >
> >
> > ______________________________ Reply Separator _________________________________
> > Subject: Re: How protect against sniffers?
> > Author: mcn @ EnGarde . com at internet
> > Date: 10/29/95 11:21 PM
> >
> >
> > In article <Pine . SUN . 3 . 91-heb-2 . 05 . 951028191421 . 10343A-100000 @ actcom . co . il> you write:
> > >
> > >>> In these days I've found several students using sniffer programs... How can I
> > >>> protect my systems? Can you suggest any source of information about
> > >>> sniffer programs?
> >
> > >Kerberos and S/key makes sniffing more or less obsolete.
> > >In addition you could code a program to scan for a promiscuous mode and
> > >alert the admins if found..
> >
> > Kerberos and S/Key (or smartcards) do *NOT* make sniffing obsolete. See
> >
> > http://www.engarde.com/software/ipwatcher
> >
> > for a product which (while not its intended purpose) can hijack S/Key or
> > Kerberos authenticated sessions.
> >
> > Full encryption or packet-level authentication is the only way to go, and
> > this will continue to be the case for the foreseeable future. There are several
> > good packages which will help protect from sniffing and the IP spoofing family
> > of attacks.
> >
> > 1) Kerberos: but MAKE SURE Encryption is not only the default, but it's
> > enforced. Unfortunately, Kerberos (and its related tools) seem to only turn
> > on encryption if the user specifies some obscure flag (which is most likely
> > rarely the case). The latest telnet daemon (94.02.07) allows the admin to
> > force all incoming connections to be encrypted and authenticated. This is
> > a step in the right direction!
> > ftp://aeneas.mit.edu/pub/kerberos{README.KRB4, README.KRB5_BETA5}
> >
> > 2) STEL: This was probably the first stand-alone encryption connection package
> > out, and looked promising at the time. A paper was presented on it at Usenix
> > '95, and it went through the proper beta-testing cycle. (It had around 100
> > very reputable people looking through the source). After Usenix, updates
> > to STEL seemed to stop...
> > ftp://idea.sec.dsi.unimi.it/pub/security/cert-it/{STEL.ps, f95_stel.ps, stel}
> >
> > 3) SSH: This has a lot more features than STEL and the author is very
> > responsive if any problems are found. Fortunately (or unfortunately), many are.
> > I remember one weekend when 3 versions were released in a matter of hours.
> > :-) I'd definitely suggest picking this package up--it supports encrypted
> > X displays among other nice things.
> > ftp://ftp.cs.hut.fi/pub/ssh/{README, ssh-1.2.0.tar.gz}
> >
> > As for more information on sniffers, Chris Klaus occasionally posts a
> > sniffer FAQ to the comp.security.* newsgroups.
> > http://www.iss.net/iss/addsec.html
> >
> > Hope that's helpful!
> >
> > -Mike Neuman
> > mcn @ EnGarde . com
> > http://www.engarde.com
> >
> >
>