Re: sniffer black box
From: Peter Eberz (peter.eberzNOSPAM_at_gmx.net)
Date: 10/29/03
Date: Wed, 29 Oct 2003 19:37:59 +0100
Hello,

Besides the technical possibilities of doing so, you should consider as well
your local law on this topic before ending in jail. The regulations are
different from country to country and I am not an expert on it at all. The
legal regulations normally limit what you are allowed to do and, if you are
allowed to collect the data, how long you are allowed to store it. Further,
normally the employees must be informed that such a sniffer exists on the
network. Just to lay out a few cases to make it clear how sensitive this
topic is:

One of your colleagues is sending an email to his doctor. You are not
supposed to read that nor to store this in a database where maybe someone
else can read it as well.

When you are going to log smtp traffic I don't know if you are allowed to
read the emails of your boss? If you use secured smtp there is no
information to retrieve at all except that someone sends an email.

Another issue is the security of that sniffer machine that stores all
this sensitive information. You have to secure it very well so that nobody
else gets access to the collected data.

Depending on what kind of problems you are facing there might be better
and easier solutions.

- If there is access to internet services that are not related to work
  (eDonkey, ...):
  Block traffic to these ports on the firewall.
- If a single user is utilizing all the bandwidth from your external
  connection:
  Use a packet shaper or any other way of bandwidth control.
- Access to non work related websites:
  Create a simple log which contains just date, time, local computer, user
  name and the URL. Make an internal agreement inside your company that this
  list will be published on your intranet and can be viewed by everyone.
  Use a proxy to do further filtering.

Bye,
Peter

> hi,
>
> I must make a black box that will sniff and log all the traffic that is
> incoming and outgoing from the net.
>
> Its main function will be to supervise all the users of the LAN, and warn
> root if someone is using the company's network for inappropriate use ....
>
> It must particularly filter http (the url and the date of the connection),
> ftp, irc, pop, smtp ......
>
> I must put all information in a database.
>
> Do you know a good sniffer (maybe another method?) that can check the net
> in order to give me some precise information about the traffic?
>
> Which OS must I install for better performance?
>
> thx
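
The minimal web-access log suggested in the reply above (date, time, local computer, user name, URL), as an added example that is not part of the original thread. It assumes the proxy is Squid writing its native access.log layout; the sample lines are constructed, and dropping the query string is an extra choice made here because query strings often carry session tokens or search terms.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout (assumed proxy):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1067452679.123    215 192.168.1.23 TCP_MISS/200 4312 GET http://www.example.com/news/index.html jdoe DIRECT/203.0.113.10 text/html
1067452701.456     12 192.168.1.40 TCP_DENIED/407 1540 GET http://intranet.example/ - NONE/- text/html
1067452733.789    530 192.168.1.23 TCP_MISS/200 9120 GET http://shop.example.org/cart?item=42&session=abc123 jdoe DIRECT/203.0.113.20 text/html
truncated or garbage line
"""

FIELDS = ("date", "time", "computer", "user", "url")


def reduce_line(line, strip_query=True):
    """Keep only the five agreed fields; return None for unparsable lines."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
    except (ValueError, OverflowError):
        return None
    client, url, user = parts[2], parts[6], parts[7]
    if strip_query:
        url = url.split("?", 1)[0]  # drop parameters, keep host and path
    return (ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"), client, user, url)


def reduce_log(text, strip_query=True):
    """Reduce a whole log to the minimal records, skipping bad lines."""
    records = (reduce_line(l, strip_query) for l in text.splitlines())
    return [r for r in records if r is not None]


def to_csv(records):
    """Render the reduced records as CSV for publishing or database import."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(FIELDS)
    writer.writerows(records)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(reduce_log(SAMPLE_LOG)), end="")
```

Sizes, status codes, content types and upstream peers never reach the reduced log, so the machine holding it stores far less than a full capture would.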