Koozali.org: home of the SME Server

Sniffer Protection

Offline multicalidad

Sniffer Protection
« on: October 12, 2011, 05:29:44 AM »
I am new to SME server 7.5.1 but I have installed it successfully. How can I use it to stop sniffing programs from monitoring my network? What do I need to do?
Thank you

Offline chris burnat

Re: Sniffer Protection
« Reply #1 on: October 12, 2011, 07:32:20 AM »
Quote
I am new to SME server 7.5.1 but I have installed it successfully. How can I use it to stop sniffing programs from monitoring my network? What do I need to do?
Thank you

You need to tell us a little more about your issue. What sort of sniffing programs, and where are they coming from? How did you configure your SME server? If you wish to protect yourself from intruders coming from the Internet onto your local network, use your SME server as your Gateway to the Internet. The inbuilt firewall will protect you from intruders if the server is kept to its default settings.

Moving to General Discussions.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Offline multicalidad

Re: Sniffer Protection
« Reply #2 on: October 13, 2011, 02:41:37 AM »
A few days ago I noticed that my MSN chat sessions were being monitored by a remote person. I was having a conversation with a friend of mine and suddenly he entered the chat session by writing things on behalf of my friend. When she logged out her username became active again and this guy started chatting with me using her account. Two days ago another friend of mine received portions of my chat sessions along with emails that were stored in my account.
I then started to suspect that my chat sessions were being monitored and that my Hotmail account had been hacked.

I had a simple connection consisting of a cable modem hooked up to a basic home router. I use a laptop that accesses the router through WiFi. I also have a desktop hooked up by ethernet cable.

Since that incident I decided to improve my security so I installed SME server 7.5.1. The cable modem is now connected directly to SME server, which in turn is hooked up to the home router.

I think this guy used a MSN sniffer program of some sort to see the network traffic and perhaps steal my email password.

I just want to know if SME Server can protect my network from sniffing programs and what other things can be done to improve network security.

I live in Honduras but I suspect that the attack may have come from Colombia. What knowledge must this person have in order to do this?

Also I suspect that this monitoring has happened for quite some time.

Any advice and ideas you might have can be useful to me.

Thank you!


Offline chris burnat

Re: Sniffer Protection
« Reply #3 on: October 13, 2011, 08:10:40 AM »

Quote
Any advice and ideas you might have can be useful to me.
Thank you!

Where to start... SME server cannot protect you from the sort of things you describe. MSN (as are most chat channels) is probably VERY insecure to start with. Usual advice, use a strong password etc., not sure if it will help. Use a better means of communication if you can.
- chris

Offline CharlieBrady

Re: Sniffer Protection
« Reply #4 on: October 13, 2011, 06:56:54 PM »
Quote
Use a better means of communication if you can.

Avoid using Windows if possible. If you must use Windows, keep it updated.

I think for 'sniffer' you might mean 'key-logger'. SME server cannot protect you from malware being installed in your Windows machines.

Offline cactus

Re: Sniffer Protection
« Reply #5 on: October 14, 2011, 07:09:10 AM »
Quote
I then started to suspect that my chat sessions were being monitored and that my Hotmail account had been hacked.

I suspect they somehow got access to your system and installed malware/keylogger or a trojan horse. The risk should be minimized by a good virus scan. Do you have one installed on your system?

Quote
I had a simple connection consisting of a cable modem hooked up to a basic home router. I use a laptop that accesses the router through WiFi. I also have a desktop hooked up by ethernet cable.

Is the network shielded from the internet by a firewall or are the systems all running their own firewall? Is your wireless connection encrypted?

Quote
Since that incident I decided to improve my security so I installed SME server 7.5.1. The cable modem is now connected directly to SME server, which in turn is hooked up to the home router.

I hope you are running in server-gateway mode, otherwise this does not help you much.

Quote
I just want to know if SME Server can protect my network from sniffing programs and what other things can be done to improve network security.

No. As Charlie already said, SME Server cannot protect you from sniffers. It does however provide a firewall that can already keep a lot of people out, but protection like this is normally done using firewalls, virus scans and unfortunately user discipline. Do not download from unknown sources, scan your downloads before running them. If in doubt do not use it.

Quote
I live in Honduras but I suspect that the attack may have come from Colombia. What knowledge must this person have in order to do this?

I doubt you can back that up with arguments and proof, since you seem to lack a lot of knowledge on security and intrusion protection.

Quote
Any advice and ideas you might have can be useful to me.

Yup, a decent firewall and a good virus scan as already stated.

To make sure your system is clean I suggest you run HitManPro or Malwarebytes Anti-Malware to see if your systems are still infected.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline multicalidad

Re: Sniffer Protection
« Reply #6 on: October 15, 2011, 11:37:13 PM »
Thank you for your response.

Quote
I suspect they somehow got access to your system and installed malware/keylogger or a trojan horse. The risk should be minimized by a good virus scan. Do you have one installed on your system?

I have run virus scans using Avast antivirus and AVG (both free editions). No malware or keyloggers have been detected.

Quote
Is the network shielded from the internet by a firewall or are the systems all running their own firewall? Is your wireless connection encrypted?

The network was not shielded before; however, each computer had firewalls. Both were using Windows Firewall. Now it is, since I installed SME server, so it is expected to improve the security on my network.

Quote
I hope you are running in server-gateway mode, otherwise this does not help you much.

It is running in gateway mode ever since I installed it.

Quote
No. As Charlie already said, SME Server cannot protect you from sniffers. It does however provide a firewall that can already keep a lot of people out, but protection like this is normally done using firewalls, virus scans and unfortunately user discipline. Do not download from unknown sources, scan your downloads before running them. If in doubt do not use it.

Can someone outside my network see my MSN chat conversations even with SME server installed? Can they get my password for Hotmail etc?

Quote
I doubt you can back that up with arguments and proof, since you seem to lack a lot of knowledge on security and intrusion protection.

I understand my lack of knowledge on security and intrusion protection, that's why I ask these questions to people who have better knowledge than me. All my Colombian friend conversations were copied from my MSN messenger.

Quote
Yup, a decent firewall and a good virus scan as already stated.

SME Server installed in Gateway mode. Virus scan done with Avast and AVG. I do plan to get better antiviruses. I have downloaded and run Hitman Pro but it has not detected anything on my laptop.

Thank you

Yes

Offline CharlieBrady

Re: Sniffer Protection
« Reply #7 on: October 16, 2011, 07:46:15 PM »
Quote
Can someone outside my network see my MSN chat conversations even with SME server installed?

I don't know whether MSN chat uses encryption or not, but anyone who operates a switch or router in the internet path between your server and MSN can look at all the packets transmitted. If the traffic is not encrypted, they can read passwords. Usually it is only ISPs along the path between your server and MSN.

Quote
Can they get my password for Hotmail etc?

Again, ISPs along the path might be able to steal passwords if encryption is not used. However, the most likely way for passwords to be stolen is by keylogger malware installed on Windows. If your password is weak it could be brute force guessed.
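Added example, not part of the original thread: one way to check the point made in Reply #7 on your own traffic is to look at the first bytes of a TCP stream and see whether they form a TLS record or readable text. The sample payloads, host names, ports and the 90% printable threshold are constructed assumptions.

```python
import string

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
MAX_TLS_RECORD = 2**14 + 2048          # upper bound on a TLS ciphertext record
PRINTABLE = set(string.printable.encode("ascii"))
PRINTABLE_THRESHOLD = 0.9              # assumption: >=90% printable bytes means readable text


def looks_like_tls_record(payload: bytes) -> bool:
    """Check the 5-byte TLS record header: content type, version 3.x, length."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= MAX_TLS_RECORD)


def classify_payload(payload: bytes) -> str:
    """Return 'empty', 'tls', 'cleartext' or 'opaque' for the start of a TCP stream."""
    if not payload:
        return "empty"
    if looks_like_tls_record(payload):
        return "tls"
    printable = sum(b in PRINTABLE for b in payload)
    if printable / len(payload) >= PRINTABLE_THRESHOLD:
        return "cleartext"
    return "opaque"  # compressed, binary or non-TLS encryption: needs a closer look


def cleartext_flows(flows):
    """Given (label, first_payload) pairs, return labels an on-path observer could read."""
    return [label for label, payload in flows if classify_payload(payload) == "cleartext"]


# Constructed samples (not captured traffic; host names and ports are placeholders).
SAMPLE_FLOWS = [
    ("chat.example.test:5000", b"MSG alice@example.test hello there\r\n"),
    ("mail.example.test:443", bytes([0x16, 0x03, 0x01, 0x00, 0x2F]) + bytes(47)),
    ("backup.example.test:9000", bytes(range(128, 192))),
]

if __name__ == "__main__":
    for label, payload in SAMPLE_FLOWS:
        print(f"{label:28} {classify_payload(payload)}")
    print("readable on path:", cleartext_flows(SAMPLE_FLOWS))
```

A flow reported as cleartext is one that any router or switch operator on the path can read as-is; an opaque result only means the bytes are neither TLS nor text and says nothing about whether they are encrypted.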


Offline mmccarn

Re: Sniffer Protection
« Reply #8 on: October 17, 2011, 12:33:18 PM »
Quote from: CharlieBrady
I don't know whether MSN chat uses encryption or not
I can confirm that MSN traffic is 'sniffable' - I have a 'Smoothwall Advanced' firewall at the office that gives me complete logs of all MSN chats involving anyone on the office network.

Offline chris burnat

Re: Sniffer Protection
« Reply #9 on: October 18, 2011, 02:19:48 AM »
Quote
I can confirm that MSN traffic is 'sniffable' - I have a 'Smoothwall Advanced' firewall at the office that gives me complete logs of all MSN chats involving anyone on the office network.

Can you tell if passwords are encrypted?
- chris

Offline mmccarn

Re: Sniffer Protection
« Reply #10 on: October 18, 2011, 04:22:10 AM »
I'm not doing SSL spoofing on my unit, so I don't get passwords. From this post on the imspector.org website, it looks like I could do SSL spoofing, which would probably get me usernames and passwords:
http://www.imspector.org/wordpress/?page_id=89

Offline Stefano

Re: Sniffer Protection
« Reply #11 on: October 18, 2011, 09:24:11 AM »
MSN/Hotmail suffered severe security issues many times in the past.
I think your password has been stolen and/or your PC has been compromised.

Offline chris burnat

Re: Sniffer Protection
« Reply #12 on: October 18, 2011, 10:19:00 AM »
Quote
MSN/Hotmail suffered severe security issues many times in the past.
I think your password has been stolen and/or your PC has been compromised.

I think Skype is encrypted, thus potentially more secure if correct. Their chat channel is very useful.
Check: http://www.skype.com/intl/en-us/security/detailed-security/

However, MS has just purchased Skype, so who knows what will happen with this application in the future...
- chris

Offline multicalidad

Re: Sniffer Protection
« Reply #13 on: October 29, 2011, 01:49:42 AM »
Taking all this into account, what I can understand is that MSN traffic is sniffable and that a good defense would be virus scans, a good firewall and to encrypt the communication. How can I encrypt it? VPN? Or where can I find information on how to do it?

Since that event I started to use Linux on all my computers except my laptop. I also stopped using MSN.

Thank you

Offline johnp

Re: Sniffer Protection
« Reply #14 on: October 29, 2011, 07:36:21 AM »
It would be the application, not the operating system, that you need to worry about. I think that you'll find that most around here use a variety of OSes depending upon the application or desired need.