
Re: Have I been sniffed?




On Fri, 27 Aug 2004, Marc Shapiro wrote:

> The sender address on the SPAM message was my own.  That, of course, is 
> easy enough for anyone to find.  The name of the sender, however, is 
> what worries me.  The first name was a word that I use for a LOT of my 
> passwords, and the last name could have been found in my e-mail.

could be coincidence or could be that you've been sniffed ..

- if you're using wireless...  that's probably a good guess that you've
  been sniffed
 
> The fact that one of my passwords was used has me wanting to change all 
> of my important passwords, but if someone has access to my info, then I 
> want to prevent that before I make the changes.

always change all passwords .. whenever you think there is a problem
or change it every 30 days by practice

	- when changing passwd ... only change it if you can sit
	in front of the machine, otherwise, they'll sniff your new
	passwd too

> What can I do to verify if someone is sniffing my keyboard, 

keyboard sniffers are the scary animal ... 
	- in windozeland, you can run trojan detectors to find sniffers

	- in linuxland ... it's a highly skilled hacker/cracker ( in my
	book ) to be able to overwrite the keyboard device drivers
		- time to get professional help if that occurs

> and what precautions should I be taking.

- implement a spam filter to bounce emails that you consider to be spam
	- dozen-2-dozen (trivially implementable) rules of what is spam

- if you're paranoid ... 
	- see if chkroot will find anything
	- see if you see anything odd in your logs
	( ssh/telnet/ftp/irc connections to some other ip# you don't know )

	- netstat -v,

	- you should be running tripwire, aide, or equivalent
 
- don't use wireless ..... assume everybody is sniffing all your data
- don't use telnet ....... use ssh instead
- don't use ftp .......... use scp/winscp instead
- don't use pop3/imap .... use secure pop3 instead

- on and on and on ... it's an endless game ...

- always make rotating backups ...
	- even days to the even backup server
	- odd days backup to the odd backup server

c ya
alvin
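
Added example, not part of the original message: one way to do the "connections to some other ip# you don't know" check from the list above, by filtering netstat output for established ssh/telnet/ftp/irc connections whose peer is not on an allow-list. The sample output, the addresses (documentation ranges), the port list, the `netstat -tn` invocation and the function names are all assumptions made for illustration.

```bash
# Constructed sample of `netstat -tn` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:48312        203.0.113.45:6667       ESTABLISHED
tcp        0      0 192.0.2.10:39220        198.51.100.20:993       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.99:40022      ESTABLISHED
tcp        0      0 192.0.2.10:51000        198.51.100.7:21         TIME_WAIT
tcp        0     48 192.0.2.10:23           203.0.113.45:40100      ESTABLISHED
EOF
}

# Services named in the message: ftp, ssh, telnet, irc (assumed default ports).
WATCH_PORTS="21 22 23 6667"
# Peers you recognise (hypothetical allow-list; edit for your own network).
KNOWN_PEERS="198.51.100.7 198.51.100.20"

# Reads netstat output on stdin, prints "direction port peer" for each
# established connection on a watched port whose peer is not allow-listed.
find_unknown_peers() {
  awk -v ports="$WATCH_PORTS" -v known="$KNOWN_PEERS" '
    BEGIN {
      n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1
      n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      lport = $4; sub(/.*:/, "", lport)        # port after the last colon
      rport = $5; sub(/.*:/, "", rport)
      raddr = $5; sub(/:[^:]*$/, "", raddr)    # address before the last colon
      # Watched local port means someone connected in; watched remote
      # port means this machine connected out.
      if (lport in watch)      { dir = "inbound";  port = lport }
      else if (rport in watch) { dir = "outbound"; port = rport }
      else next
      if (!(raddr in ok)) print dir, port, raddr
    }'
}

# Run on the constructed sample; on a live host use: netstat -tn | find_unknown_peers
sample_netstat | find_unknown_peers
```
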


