Home page logo

basics logo Security Basics mailing list archives

RE: How to stop Admins from sniffing ?
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Fri, 28 Jul 2006 08:28:16 -0400

I guess I have to think more globally.  I was basing my comments on U.S. case law

See the following site


So as you said it does depend on your specific country's laws.

I disagree with you on one other point. I regularly do port scans of my client PCs and my server and network equipment 
as well, it shows me when a rogue web\ftp\telnet\smtp\.... server shows up.

As a network security administrator I take it as my responsibility to know the purpose of every packet that goes across 
the wire.  I cannot do that unless I watch what's going on.  With the abundance of spyware\viruses\trojans\etc that 
infect our client PCs it becomes even more imperative that you watch ALL client traffic.

My question to you would be this.  What activities are you engaging in at work that you would not want your network 
security people to be aware of.  I understand the uneasy feeling that you get when you feel like you are being watched 
but understand that some of this is necessary.  

I give the following advice to my users, if you are using company assets don't do anything that you would not want your 
grandmother to watch you do..



-----Original Message-----
From: Christian.Assfalg () bc boehringer-ingelheim com [mailto:Christian.Assfalg () bc boehringer-ingelheim com] 
Sent: Friday, July 28, 2006 4:32 AM
To: Weir, Jason; security-basics () securityfocus com
Subject: AW: How to stop Admins from sniffing ?

Well, they don't.

At least not neccesarily. In Germany, for example, there are a number of laws against monitoring of user activity. You 
can not simply read someones emails for example, unless you have a specific reason for it, and the works council agrees.

Similar things apply to auditing and monitoring and stuff like that. As soon as user behaviour is concerned, the works 
council has to agree. I am no lawyer or data privacy professional so I may be wrong, but that's what I think is the 
situation in Germany, and soon-to-be in the whole European Union. I guess those laws are not so strict in America, but 
I don't think you can simple watch "everything" someone does.

I'd say it depends on the laws of the country you work in, and the agreements you siged with your employer.

Personaly, I don't see why a security professional would want to do a portscan on some client PC, or why someone would 
want to monitor every network package. That should be quite a lot, so it is a lot of work. Haven't they got other 
(better) things to do?

If Jeff would realy want to hide something, then well - that's his problem. But I would not be very comfortable with 
this situation as well. We don't live in the world of "1984", do we?

-----Urspr√ľngliche Nachricht-----
Von: Weir, Jason [mailto:jason.weir () nhrs org] 
Gesendet: Donnerstag, 27. Juli 2006 18:12
An: security-basics () securityfocus com
Betreff: RE: How to stop Admins from sniffing ?


My first question would be why would you want to stop them..  Any
competent IT security professional will be and should be monitoring
anything and everything that goes across their wire.  In my opinion that
is their job.

If you are trying to hide something that's a different story.  If its
web traffic you can use an hppts connection to one of the many
anonymizer services out there.  Ethereal would only show encrypted
packets to\from the anonymizer site and not reveal the actual site you
are going to.  This would prevent network sniffing of web traffic only.
There are many other ways to see what's going on..

It sounds like you have a privacy issue but if you are using company
equipment and services you have no expectation of privacy and they have
every right to monitor everything you do

Jason Weir
Systems Administrator
New Hampshire Retirement System

-----Original Message-----
From: swap_tek () yahoo co uk [mailto:swap_tek () yahoo co uk] 
Sent: Wednesday, July 26, 2006 1:14 AM
To: security-basics () securityfocus com
Subject: How to stop Admins from sniffing ?

Hey List

I work in a small organisation and the system and network administrators
here are constantly monitoring all data in the network. I have seen them
running Etherreal on their systems and from their talks i am sure that
they know who is doing what. I m using windows XP and i have a personal
firewall installed which pop's up every few minutes saying that there is
a port scan attack going on. And when i looked up that IP address it
belongs to tbe system being used by the administrator. I have tried
talking to my bosses about this but not happened ( maybe the admins
convinced them that they are not doing anything like that or its
happening by bosses permisson).  i know since they are in same network
as me its easy for them to sniff all traffic and everything.

What i want to know from you ppl is that is there is anyway way to stop
this ? is it possible for me to encrypt all traffic going out from my
system ? 

I have never used a Anti-Sniffer but can they help ? any way out ?

Thanks in advance


This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]