On Wed, 2 Mar 2005, David Mandelberg wrote:

> s. keeling wrote:
> > Isn't it generally accepted that black hats who get local access (ie.,
> > a user login account) is _much_ worse than black hats who've been kept

anybody and everybody has "local access" with or without permission

> > out?  Assuming black hat wants root, taking over a user's account is a
> > very big first step.

that's trivial to do ... assuming you allow anybody to reboot a pc

and how do you know that a machine has been rebooted
or even init 1, and back up into root and never been rebooted

==
== all bets are off when you have "local access" as there is no way to
== protect against it and no way to prevent it other than a slap on the
== fingers .. naughty .. naughty ..
==

> > I would take the security of your user's accounts much more seriously
> > if I were you.  If your users are leaving the door open, sooner or
> > later someone much worse than the paper boy is going to come stumbling
> > in.

assuming they are not already in ... and is quietly watching

promiscuous mode ..
    - your sniffer might need/want promiscuous mode, but the
    other 10, 100 machines you are sniffing will not, should not be
    in promiscuous mode

    = why make things difficult ??
        - just be root if you wanna sniff

    - legal issues
        - regular users should never be sniffing, as they may
        or may not be authorized by the company to be reading
        other peoples emails and who they are tcp/ip'ing or udp'ing with

        - make sure, that you have the legal authority to be sniffing
        BEFORE you do anything like sniffing, as people seem
        sensitive about you finding out that they go to those kinds
        of websites and have a mistress on the side .. etc .. etc

sniffers:
    http://linux-sec.net/Sniffers

    i like pfilt.pl ... anybody, non-techies can use it and sniff
    which makes it easy for the manager in charge to see "oh shit"
    and cut a check to go fix the insecure network problems

    no more telnet, no more pop3, no more wireless, no more anything
    that is insecure

- sniffer detectors ...
    - how do you know you are being sniffed??

    i don't think you can see/find other sniffers for multiple reasons

    - always assume you are being sniffed 24x7 from anywhere
    in the world and act accordingly

    - a sniffer does NOT have to be local to the network
    in the switch of your office

c ya
alvin
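
Added example, not part of the original message: the reply says the machines being sniffed should not themselves be in promiscuous mode, and on Linux that can be audited per host from the interface flags in sysfs and from the kernel's promiscuous-mode log messages. The host names, interface names and log lines below are constructed, and the syslog layout (`host kernel: device X entered promiscuous mode`) is the classic kernel wording, assumed here.

```python
import re
from pathlib import Path

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>

# Constructed sample syslog lines collected from several hosts.
SAMPLE_KLOG = """\
Mar  2 10:01:12 ws14 kernel: device eth0 entered promiscuous mode
Mar  2 10:03:40 ws14 kernel: device eth0 left promiscuous mode
Mar  2 11:15:02 ws22 kernel: device eth1 entered promiscuous mode
"""

# Assumed log layout: "<host> kernel: device <iface> entered|left promiscuous mode"
_EVENT = re.compile(
    r"(\S+) kernel: .*?device (\S+) (entered|left) promiscuous mode")


def promisc_from_log(text):
    """Replay enter/left events; return (host, iface) pairs still promiscuous."""
    active = set()
    for line in text.splitlines():
        m = _EVENT.search(line)
        if not m:
            continue
        host, iface, verb = m.groups()
        if verb == "entered":
            active.add((host, iface))
        else:
            active.discard((host, iface))
    return sorted(active)


def promisc_from_sysfs(root="/sys/class/net"):
    """Return local interfaces whose sysfs flags word has IFF_PROMISC set."""
    hits = []
    for flags_file in sorted(Path(root).glob("*/flags")):
        try:
            flags = int(flags_file.read_text().strip(), 16)
        except (OSError, ValueError):
            continue  # unreadable or non-interface entry: skip it
        if flags & IFF_PROMISC:
            hits.append(flags_file.parent.name)
    return hits


if __name__ == "__main__":
    print("still promiscuous per log:", promisc_from_log(SAMPLE_KLOG))
    print("promiscuous on this host: ", promisc_from_sysfs())
```

This only covers hosts whose logs and sysfs you can read; it says nothing about a capture point elsewhere on the path.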