From: Daniel O'Leary <Daniel_O'Leary@
To: archimac
Subject: Re: passwords
Date: Sat, March 07, 1998 08:53 PM


Your ISP should periodically inspect the hosts on their LAN(s) for programs that should not be there, or programs that are running on a schedule different than that intended. A very common method of attack is to place a program on one of the ISP's hosts that records network traffic to/from hosts on the LAN. The data recorded by this type of program can be used by programs that can extract the data from the packets. The methods for getting a program onto a LAN host are numerous, and the admins of these systems have to be watchful for these programs.

The way to detect the presence of these programs is different, and depends upon the operating system. Unix systems can log the execution of all programs using "syslogd" (system logging daemon), determine what processes are running on their system using the "ps" (process status) command, and look at their logging for programs executed via "cron" (time-based process scheduler daemon), and other programs to see if anything was running that should not have been. I do not know what utilities exist on the M$ side to do this. There is a program called "Monitor" for the Mac that will display the processes running, memory used, and a number of other parameters, but it does not write its output to a log file, so you'd have to be watching the CRT to catch a sniffer in the act.

If such a program is detected on a LAN host, it should be disabled, an effort made to determine what system attempts to make contact with it, and the appropriate legal actions taken.


On 03/07/1998 02:14 AM, archimac wrote:


>Each site should take precautions to prevent packet trapping and
>analysis, but don't count on it, because not all ISP personnel know how
>to detect it, track it down and stop it.
>
>How do you prevent packet trapping and analysis? Well perhaps I should
>first ask how it is done? Any url would be fine too.
>
>Also, I would like to get informed on how to protect a TF system from
>other types of attacks too. I presume, I need to learn how to hack it
>first, so that I can get ready to protect it. If you know of any sources
>for this, I would appreciate that too.
>
>
>
>Greetings from Istanbul, Turkiye
>Bekir Kemal Ataman <bataman@marun.edu.tr>
>ArchiMac BBS Sysop

---
Daniel O'Leary, Sysop KloneZone Mac - A TeleFinder 5.6 BBS * TFDEV Network Hub
532 Verna Trail North, Fort Forth TX USA 76108 Voice=> (817)367-2558
Dial-In=> (817)367-2712 Fido=> 1:130/1015 TFNet=> klonezone.tfnet.org
Inet=> kz.eaze.net www=> http://kz.eaze.net
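
An added example, not part of the original message: one way to automate the Unix check described in the reply, comparing "ps" output and cron log entries against a baseline of what the host is supposed to run. The baseline, the sample "ps" output, the cron log line format and all program names are constructed assumptions for illustration.

```python
import re

# Constructed baseline: programs this host is expected to run, and for each
# known cron job (user, program) the hours at which it is meant to start.
EXPECTED_PROCS = {"init", "syslogd", "cron", "sendmail"}
EXPECTED_CRON = {("root", "/usr/lib/newsyslog"): {0}}

# Constructed sample of `ps -eo user,pid,comm` output.
PS_SAMPLE = """\
USER       PID COMMAND
root         1 init
root        87 syslogd
root       102 cron
nobody     911 netlog
"""

# Constructed cron log lines; the "(user) CMD (command)" layout is assumed.
CRON_LOG_SAMPLE = """\
Mar  7 00:00:01 host1 cron[201]: (root) CMD (/usr/lib/newsyslog)
Mar  7 03:17:00 host1 cron[344]: (root) CMD (/usr/lib/newsyslog)
Mar  7 03:20:00 host1 cron[350]: (nobody) CMD (/tmp/capture -o /tmp/out)
"""

CRON_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):\d\d:\d\d\s+\S+\s+\S+:\s+\((\S+)\)\s+CMD\s+\((\S.*)\)$")

def unexpected_processes(ps_text, expected):
    """Return (user, pid, command) for processes not in the baseline."""
    found = []
    for line in ps_text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[2].split("/")[-1] not in expected:
            found.append((parts[0], int(parts[1]), parts[2]))
    return found

def cron_anomalies(log_text, expected):
    """Flag cron jobs that are unknown or ran outside their intended hours."""
    out = []
    for line in log_text.splitlines():
        m = CRON_RE.match(line)
        if not m:
            continue                               # not a cron CMD entry
        hour, user, cmd = int(m.group(1)), m.group(2), m.group(3)
        hours = expected.get((user, cmd.split()[0]))
        if hours is None:
            out.append(("unknown-job", user, cmd))
        elif hour not in hours:
            out.append(("off-schedule", user, cmd))
    return out
```

On a real host the two sample strings would be replaced by the output of "ps" and the contents of the cron log, and the baseline recorded while the system is known to be clean.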

