#1
  1. Recovering Intellectual
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2006
    Location
    Orange County, CA
    Posts
    1,304
    Rep Power
    789

    Defense Against Network Snooping


    Hi,

    I have a strange situation. Due to some awkward circumstances, I am living with a very uncouth individual who has an unhealthy obsession with my wife and me and our private affairs. We suspect that he may be sniffing the data that passes through our wireless connections. The problem here is that unfortunately, the wireless network is his, so if he decided he wanted to place a sniffing program on the router ... or in some other configuration, I would not be able to prevent it. However, I would like to know if there is some way I can tell if this is happening. I have a few programs, one is called Ethereal and the other is called Nmap. Is there anything I can do to tell if this is happening?
    Bugs that go away by themselves come back by themselves
    Beware - your loyalty will not be rewarded
  2. #2
  3. Automagically Delicious
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    127.0.0.2 - I live next door.
    Posts
    2,203
    Rep Power
    2741
    Ethereal won't tell you anything unless you can capture data from his connection. Also, the only data he'll be able to capture from the wireless is anything being transmitted over air. Meaning your normal traffic. If you and your wife are sending pictures or videos to each other or to the Internet, then he might be able to capture that data. Nmap will forcefully assault any device you point it at and tell you what ports are open, which may and may not be useful.

    The only way I can see proving whether or not he's actually doing something would be to look at his computer and see what he has running or has stored in his disk drives. Your best bet is prevention. Use a firewall on both your PCs so that incoming connections are blocked. Don't share any folders in Windows (or other OS if you have one). And if you do want/need to transfer data between your two computers that you want to keep separate from the rest of the world, turn off both wireless connections and use a wired one.

    Comments on this post

    • seack79 agrees : How PC savvy is your friend? You'd have to be fairly good with networking and such to do this. Plus, it would be a fair amount of work to capture the data and construct it into meaningful information (at least I would think).
    • AstroTux agrees : Don't get yourself into trouble snooping around his PC. If he is watching you, you can bet he can detect tampering to his computer.
    Adam TT
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2008
    Posts
    599
    Rep Power
    48
    Sounds like you need to move. Your personal security could be at risk...

    On topic:

    In short: there is no way to know if he is monitoring your communications. Passive sniffers are very hard to detect unless you scan the system. This is not guaranteed to show signs he's watching though.

    Ask to go wired. Make up some rubbish that the wireless is playing up lately if he challenges you. Unless the switch in the wireless router is compromised (or forced to broadcast packets to every port through ARP flooding):

    ARP traffic can also be used in MAC address flooding attacks. This attack targets switches and their MAC address tables. By flooding a switch with bogus IP/MAC address combinations, a switch eventually enters flooding mode where all traffic floods out of all ports indiscriminately. Effectively, this turns the switch into a hub and gives attackers access to a larger pool of traffic that they can sniff for sensitive data.
    then the way the switching works should help protect you unless the internet connection is also wired through his computer, and not via the wireless router to the internet directly (or via another dedicated router connected to the wireless access point). I hope that makes sense.

    Your other option is to use your home connection for mundane stuff that you'd be happy to do in a cyber cafe, and the sensitive stuff for somewhere else.

    If you must transfer data between your two computers and you think he is watching, ENCRYPT IT. He can watch all he likes - he won't be able to get at it.

    There are a few ways you can achieve this.

    Apparently the latest version of WinRAR (or WinZip) contains AES encryption. Use a good strong password (e.g. E7F^%5dT&t5Re1846%$*P) to encrypt the data, and share the key via paper for example.

    For e-mail, you can use GnuPG and Enigmail plug-in for Thunderbird.

    Note that to send encrypted e-mail to everyone else, you require everyone's public key, which they may not have. At least if you and your wife use this system, you can send encrypted mail to each other. Normal e-mail will be unaffected.

    Look at TrueCrypt for protecting your actual computers. If you use Whole Disk Encryption, this ensures he can't read your data whilst you're out by removing the drives and reading them (sounds like he could potentially go this far).

    Note that encrypting the hard disk will NOT encrypt any network communications! Furthermore, whilst encrypted partitions are mounted, THEY ARE READABLE. If you are concerned about this, dismount your sensitive volumes when not in use. This will become clear when you start looking at the software.

    Again, if you're having to resort to this, I'd strongly advise moving out!! That said, data security is a good thing to have anyway, as computers are becoming worth more in data terms every day as our lives go online more.

    If he really is watching you, expect these counter-surveillance maneuvers to potentially upset him. He could very well be paranoid and this will likely make him think you're on to him (which you would be).

    Best regards,
    AstroTux.
    Last edited by AstroTux; March 24th, 2009 at 08:01 PM.
  6. #4
  7. Recovering Intellectual
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jun 2006
    Location
    Orange County, CA
    Posts
    1,304
    Rep Power
    789
    Thank all of you for your suggestions. I appreciate any response to my question which admittedly, sounds a bit bizarre. That is because, trust me, the situation IS bizarre.

    Astro,

    Is he crazy enough to pull the drives? You bet. He's a psycho to a degree that would shock you. He is unbelievably selfish and has no life. The void of his own pathetic-ness must be filled by disgusting invasions of his family member's privacy. I could go on, but I digress.

    The point is you are right, I should find another place, but for now it's almost impossible to say 'no' to free rent. For now I will take advantage of your suggestions and try to maintain my sanity. I appreciate your help. Thanks

    Comments on this post

    • ryon420 agrees : Me and you will go dig up Freud and Jung tomorrow. We'll use their bodies to scare your friend sane ;)
    Bugs that go away by themselves come back by themselves
    Beware - your loyalty will not be rewarded
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2010
    Your rent is far from free my friend; it's costing you plenty of time, stress, and quite frankly crap you should not have to deal with as a human being. Maybe you should confront your friend in a respectable manner and see what his reaction is. If he does not react in a rational manner then I say leave. Don't hide behind the argument that your rent is free. In monetary terms it is, but you're still paying for it.

    Comments on this post

    • Matt1776 agrees : I hear ya
  10. #6
  11. Automagically Delicious
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    127.0.0.2 - I live next door.
    Posts
    2,203
    Rep Power
    2741
    So.... is your wife hot? ( :

    Just messin' with you. Honestly though, you might want to invest in some physical security for your PCs. At least I assume they are PCs. There are some pretty nifty cases you can buy that have locks on everything. He'd have to literally break something apart to access internal components. The one I have purchased a few times is the Thermaltake Tsunami but it doesn't look like Newegg carries it any more. Do that and turn off your wireless when you aren't there and he won't be able to do anything to them.

    Comments on this post

    • Matt1776 agrees : Hehehe :)
    Adam TT
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2010
    I say you wire up your case to a battery, next time he tries to open it, zappy zappy!!!!

    Maybe take your HDD out first in case it ruins the computer hehehehehe.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2003
    Location
    Oregon
    Posts
    2,154
    Rep Power
    938
    The first question that should have been asked was what level of encryption is being used on the wireless connection?

    If WEP then yes your transmission can be cracked. WPA/WPA2 not likely. If using WPA he is not getting to your wireless transmissions.

    If you are concerned about physical access to your computers start with a BIOS password. If supported, a hard disk access password. Most cases have the ability of being locked with a luggage lock.

    Set the Windows or 3rd party software firewall to block all access except your internet access.

    Going to a wired connection would not be advisable since that would provide a method to capture your traffic [wireshark] since it is not encrypted like wireless is.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2008
    Posts
    599
    Rep Power
    48
    I semi-agree with what you are saying regarding wireless security vs. wired, but if he is connected to the wireless router by wire, then you've got the same problem. By going completely wired, it at least removes the wireless problem.

    Best regards,
    AstroTux.
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2003
    Location
    Oregon
    Posts
    2,154
    Rep Power
    938
    What wireless problem?

    By going wireless and using encryption the packets can't be sniffed like on a wired connection.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2008
    Posts
    599
    Rep Power
    48
    Computer ---> Wireless ---> Wireless Base Station ---> Integrated Switch ---> Cabled Bad Guy ---> etc...

    Best regards,
    AstroTux.
  22. #12
  23. No Profile Picture
    network dude
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2003
    Posts
    1,698
    Rep Power
    119
    Basically if he is on the same network segment he would probably be using ARP poisoning. To detect this you would do an arp -a from the command prompt and see if the MAC address for your default gateway is the router's or his PC's. You would also have to do this for your wife's IP address so he is not spoofing hers as well. So basically if you know the MAC address of the router and wife's PC you can see if he is spoofing right from the command line, no software needed. Secondly, before you go to any web sites (even SSL ones) you would make sure it resolves to the correct IP address to eliminate DNS spoofing and SSL man-in-the-middle attacks. This can get tedious and you could use a program called XARP to monitor it for you. http://www.securityfocus.com/tools/3517

    A CAM overflow attack (overflowing the ARP on a switch) can be seen with a sniffer as his and your wife's unicasts would be seen on your interface as well.

    The switch setup for mirroring is well more complicated to detect except he wouldn't be able to transmit out his PC and only receive on that interface. (Unless he had two connections, which would be suspicious.)
    Last edited by juniperr; April 22nd, 2009 at 03:08 PM.
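
The `arp -a` comparison described in post #12, as an added example that is not part of the original thread: it parses the ARP table, compares the gateway and the second PC against MAC addresses written down beforehand, and flags any MAC that answers for more than one IP. The sample output, IP addresses and MAC addresses are constructed, and the pinned values are assumptions.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\b")

# Constructed sample of Windows `arp -a` output; all addresses are made up.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.23 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-50     dynamic
  192.168.1.24          00-00-5e-00-53-24     dynamic
  192.168.1.50          00-00-5e-00-53-50     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Assumed known-good MACs (lowercase, colon form), noted from the devices beforehand.
PINNED = {"192.168.1.1": "00:00:5e:00:53:01",   # router (default gateway)
          "192.168.1.24": "00:00:5e:00:53:24"}  # second PC

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries in Windows or Unix `arp -a` output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header, interface line, or incomplete entry
        mac = mac.group(1).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are legitimately shared
        table[ip.group(1)] = mac
    return table

def check_arp(table, pinned):
    """Flag pinned IPs whose MAC differs, and any MAC claimed by several IPs."""
    findings = []
    for ip, expected in pinned.items():
        actual = table.get(ip)
        if actual and actual != expected:
            findings.append(("mismatch", ip, actual))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    print(check_arp(parse_arp_table(SAMPLE_ARP_OUTPUT), PINNED))
```

An empty result only says the ARP table looked right when it was read; a sniffer on the router itself or a mirrored switch port leaves the table untouched.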
