Re: Have I been sniffed?
On Fri, 27 Aug 2004, Marc Shapiro wrote:
> The sender address on the SPAM message was my own. That, of course, is
> easy enough for anyone to find. The name of the sender, however, is
> what worries me. The first name was a word that I use for a LOT of my
> passwords, and the last name could have been found in my e-mail.

could be coincidence or could be that you've been sniffed ..
- if you're using wireless ... that's probably a good guess that you've
  been sniffed

> The fact that one of my passwords was used has me wanting to change all
> of my important passwords, but if someone has access to my info, then I
> want to prevent that before I make the changes.

always change all passwords .. whenever you think there is a problem
or change it every 30 days by practice
- when changing passwd ... only change it if you can sit
  in front of the machine, otherwise, they'll sniff your new
  passwd too

> What can I do to verify if someone is sniffing my keyboard,

keyboard sniffers are the scary animal ...
- in windozeland, you can run trojan detectors to find sniffers
- in linuxland ... it's a highly skilled hacker/cracker ( in my
  book ) to be able to overwrite the keyboard device drivers
- time to get professional help if that occurs

> and what precautions should I be taking.

- implement a spam filter to bounce emails that you consider to be spam
  - dozen-2-dozen (trivially implementable) rules of what is spam
- if you're paranoid ...
  - see if chkroot will find anything
  - see if you see anything odd in your logs
    ( ssh/telnet/ftp/irc connections to some other ip# you don't know )
  - netstat -v,
- you should be running tripwire, aide, or equivalent
- don't use wireless ..... assume everybody is sniffing all your data
- don't use telnet ....... use ssh instead
- don't use ftp .......... use scp/winscp instead
- don't use pop3/imap .... use secure pop3 instead
- on and on and on ... it's an endless game ...
- always make rotating backups ...
  - even days to the even backup server
  - odd days backup to the odd backup server

c ya
alvin
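
The check for ssh/telnet/ftp/irc connections to addresses you don't recognise, suggested in the reply above, can be scripted; this is an added example, not part of the original message. The `netstat -tn` sample is constructed (documentation address ranges), and `KNOWN_NETS` and `WATCHED_PORTS` are assumptions to replace with your own networks and services.

```python
# Added example: triage `netstat -tn` output for ssh/telnet/ftp/irc sessions
# whose peer is not on a list of recognised networks.
import ipaddress

# Assumption: the services named in the reply, on their default ports.
WATCHED_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 6667: "irc"}

# Constructed sample of `netstat -tn` output.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         192.168.1.20:51514      ESTABLISHED
tcp        0      0 192.168.1.10:40022      198.51.100.7:6667       ESTABLISHED
tcp        0      0 192.168.1.10:22         203.0.113.45:40311      ESTABLISHED
tcp        0      0 192.168.1.10:51880      192.0.2.80:443          ESTABLISHED
tcp        0      0 192.168.1.10:39912      203.0.113.9:21          TIME_WAIT
tcp6       0      0 ::1:22                  ::1:53210               ESTABLISHED
"""

# Assumption: peers the machine's owner recognises (home LAN and loopback).
KNOWN_NETS = [ipaddress.ip_network(n)
              for n in ("192.168.1.0/24", "127.0.0.0/8", "::1/128")]

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr), int(port)

def is_known(addr):
    return any(addr.version == net.version and addr in net for net in KNOWN_NETS)

def unknown_sessions(netstat_text):
    """Return (service, direction, peer) for established watched-port
    sessions whose peer is outside KNOWN_NETS."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "ESTABLISHED":
            continue  # headers, non-TCP rows, closed or closing sockets
        (_, lport), (peer, rport) = split_endpoint(fields[3]), split_endpoint(fields[4])
        if is_known(peer):
            continue
        if rport in WATCHED_PORTS:    # this machine connected out to the service
            findings.append((WATCHED_PORTS[rport], "outbound", str(peer)))
        elif lport in WATCHED_PORTS:  # someone is connected to a local service
            findings.append((WATCHED_PORTS[lport], "inbound", str(peer)))
    return findings

if __name__ == "__main__":
    for service, direction, peer in unknown_sessions(SAMPLE_NETSTAT):
        print(f"{direction} {service} session with unrecognised peer {peer}")
```

A flagged row is a prompt to check who owns the address and which local process holds the socket, not proof of compromise.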