So what do I do to defend those network analysis tools?

In my company LAN,someone's using the network analysis tools to spy on our computers secretly.I know it because the other guy told me he'd seen him once showing him what websites one had visited and even the messages of the chat tools beteewn each other.
But I don't know what software he's using.It must be some easy ones cause that guy is a noob about computer.
Question 1:Like the software in this forum Colasoft network tools.Are these similar tools all based on ARP-Spoofing?
2:What can I do as a defence of my privacy?

He knew my admin password before.Now I have reinstalled my os with nod32 av and comodo v3 on,changed admin pw.But I think comodo v3 cant handle arp spoofing very well,right?

Finally, what would happen when Colasoft network analysis tools vs Comodo v3

 

Maybe no firewall can survive.
They are monitering the switch!!

 

being on public wireless lan for years , i'm very very concerned with inbound protection and anti-arp spoofing functionality of firewalls more than than the claimed outbound control

so,,,,,

with all respect to comodo , OA , most of the top rated firewall hips , they are nothing but hips applications
they are so famous by their outbound control , but thier inbound protection is not stronger than the windows xp firewall
also they include no anti-arp-spoofing protection

in my opinion , and away from its common bugs , outpost is one of few firewalls which is concerned with the inbound control , protection within the local network , arp-spoofing protection , netcut attacks , DOS attacks , and informs u if the ur gateway on the local network is falsely changed by spoofing program , netcut , or any other sniffer and tell u about the MAC and IP of the attacking computer on the lan

but as i told u , recent versions of outpost v4 , v6.0 have some problems with many users , this is due to software bloating

if u encountered problems with these versions , i recommend u and older version of outpost
outpost version 3.5 or v2

finally don't forget to disable the file and printer sharing on ur local network

best regards

 

Is the monitoring being done with managements knowledge ?

 

He should not be able to get your Admin password unless your logging into to your computer via a network like Novel. other then that there should be no way to get it from your PC unless its like a Trojan or some other form of Keyloging sence your computer don't send your windows login across the network. if your worried about someone on your main computer then a firewall should be able to tell ya as for the tool listed above it should only list something like if your logging into hotmail anything that requires you to send data across the network if its just PC your safe as far as I know.

 

In addition to Bubba's question, i'd like to remind you to put a password in the default (invisible) admin account.
Just about anyone can use your computer however they like, if you don't do this.

 

There are various ways to spy on a company LAN.
The simpliest way is to set a proxy (or a sniffer on a gateway pc) and then all the net traffic will be monitored. Probably he has access at your company's proxy.
Another way is to install a program like NetSPy Pro on every pc; a sniffer that can be controlled from distance. After that he can monitor what is happening on each pc in realtime without having to filter the traffic generated from the other pcs.
A third way is to control the DNS server, but since he spies the messages from IM programs, is to exclude from the list.

I do not think that he use ARP-Spoofing tecnics; especially since you said that he is a noob.

1. Never let know your admin password. It would be also wise to password protect your security programs too.
2. If he has access to the proxy of your company there is little you can do. The only way to protect your privacy is to use tunneling protocol.
3. If you have to use instant messengers, prefer programs that encrypt the traffic. Skype for example has a feature called secured communication. All the traffic is encrypted between the communicating parts.

hope it helps,
Panagiotis

 

Well,I have the only printer in the poor office so I have to share it.

I think he asked some pros to set all the company's LAN hardware and his own monitering software.We had one router and a switch.

Sorry,maybe I didn't make it clear.He did not steal my pw.He just knew it cause the pw on my computer was public to everyone in the office at first.I am new in the office and it's a part-time job in this company.

Yeah,I have done that since I reinstalled the os.

Sorry,I don't quite understand the proxy method.I don't think it is the netspy etc method cause I think my computer is clean especially after I have reinstalled the os.

Thanks for the link.I'll check it out.

 

If the company uses a Proxy Server all the traffic is routed through the server. And this means that it can be intercepted and analised.
The same is true if they use as default gateway a dedicated pc.
Also they could use an trasparent or intercepting proxy server.

You are welcome.

 

I installed Colasoft network analysis tool and found out the software moniters all the traffic through the switch as you must connect your monitering pc to the moniter port of the switch.Then the Colasoft can catch the packects and decode it into website address and IM message etc.
Then what could I do if he really uses the Colasoft for example?

Hi,the article is kind of deep for me .
1.Practically,how can I use the tunneling_protocol method to encryt the traffic?Some software?
2.Does Tor work in this situiation?

 

One thing I got to say If this is your Boss doing this good luck getting around it. my suggestion then would be do personal things at home like IMing and what not otherwise invest into a laptop and find wifi hotspot on a break to IM or check whatever ya check... a lot of management watches there network to make sure people are doing what people are supposed to do why at work and make sure that they are paying employees for what they were hired for. Something that has just been rolling Thur my mind since the beginning of this post.

If its not your boss. then report him to your boss and have the software removed. then you will have no problem with someone watching the network.

just my 2 cents

 

Hi,Fajo.He is not my boss at first.Secondly,I don't know if it is too rude to say so.He is the ***kisser of the boss.It is not the boss's idea to watch us but his own.Please don't tell me to call the police.
sorry for off topic.

 

I have installed Tor.It works great to bypass the Colasoft analysis.

 

Lol I would never tell ya to call the police. but honestly the easiest way to get around him is to invest in a laptop and if you really want a Mobile card lol you can use your laptop on the web and no one could monitor it. I was going to do this for a long time because the main computer at work was monitored but there was no rules against me bringing my own.

 

Good for you!
This is only a temporary job.So it's not a big problem.I'm here just for knowledge,and don't wanna lose this little game.

 

yes but if he is a B**kisser then it might just get you in more trouble then its worth. even tho the fame of rubbing it in his smug face maybe worth it.

 

Hm. I think you are not right. I tried nmap to scan my lan and even the most advanced scan didn't find a network computer where OA was installed and interface was untrusted. As for the ARP spoofing it was discussed many times and in the end it appeared that FW based anti-arp is useless. Personal firewall cannot protect your gateway from spoofing by definition. To prevent ARP spoofing succesfully you need gateway to be protected first.

As for OA. I dunno what does it do with ARP, but I see sometimes in the FW log ARP-related stuff. Some messages are just informative, some messages report that ARP packet was blocked. For example:
[29.06.08 00:54:03] 254 ARP entry: 192.168.1.72 -> 00-1F-C6-58-D3-7E

 

the inability of ur advanced scanners to detect the pc where OA is installed on ur lan does NOT mean that it can not be detected by any weaker scanner of a hacker inside ur lan

from where you got this end result
may be it is ur own opinion

i tried both outpost firewall and lavasoft firewall "outpost derivative" and both of them protect well againt all spoofing , sniffer and DOS "DENIAL OF SERIVICE " attacks inside ur local network
and also inform you about any gateway false change

 

Sure, it doesn't. But this doesn't mean opposite as well. Conclusion can be only made on real tests. I did it with nmap. I was satisfied, because nmap covers all the possible ways to scan network I know. You may run your own tests of course and make us know of your results.

It comes from the nature of ARP spoofing. Imagine that your gateway is spoofed with your card's fake MAC. What your WF can do in this case ? Nothing.
From the other side you may use static MAC and then you don't need to do anything else. For the modern LANs this is recommended way to go.

You should try to attack your gateway. I don't think Outpost or ANY other FW can stop this.

And in general, if you do not run network server like web or ftp or p2p you are hardly can be of any interest for DOS attacks. I spent a year in a huge LAN without any FW except built in and I do not remember that I noticed my computer was affected in any way. Then I just installed OA and went invisible.

Do not take it as if I try you to change your favourite FW, but if you judge other products, try at least to be fair (and to be fair you must be informed).

 

Ok, seing your answer to Bubba's question, and this, i'd suggest following Pandlouk's posts

 

bonedriven, I've been using the Ironkey at work. It is the best thing when it comes to secure & private web browsing.... check out their specifications:

https://www.ironkey.com/

https://www.ironkey.com/personal

 

1- u mean ur ports were stealthed or the computer is completely hidden on the lan ?

if the 1st . any firewall including windows xp firewall can do that
if the second , just open the netcut and u will find ur mac and ip with the username visible on it

BY real testing of OA with
-winarp spoofer
-net cut
-switch sniffer

following results found

computers with OA were quite visible on the local network

u can hide them only by changing the router settings "SPI"

so i'm sure ur results were not realistic

nothing ?!
from where u got this answer ?
may be coz u didn't try or test by ur self a firewall with anti-spoofing properties

in fact the firewall should respond by the following :-

1- informs u that the gateway ip and mac was changed

2-informs u about the computer's ip and mac who did that spoofing

3-makes ur pc behaves as if the gateway is a static not a dynamic gateway
as most of DOS attacks occur with dynamic gateways
and the end result is preventing the spoofing and the DOS attack

i already attacked the gateway hundred and may be thousands times with almost all types of sniffers , winarp spoofer , netcut , .......

and outpost did all the above steps very well
my statments are based on real testing not just a view
and i invite u to do it ur self by real tests , instead of giving just opinions "that may be affected by emotions , loving firewall and hating another"

alex , i think i'm fair
just review my above words well
OA is the number 1 firewall hips application at this moment "according to matousec today's results"
so , this is a fact that none can deny
OA with comodo are the best at outbound protection
but they very little abilities concerning inbound protection
they spend all their time patching themselves just to fight more leak tests
and completely forgot something called inbound which is supposed to be the basic firewall function


finally
i'm not from the outpost fan
i don't like it and not using it right now
but i just wanted to say what i saw by my eyes

 

Plus it can be crashed easily by flooding it as proved by ailef .

 

hi coolio
could u explain more ?

 

Completely hidden. From ARP, TCP, UDP, ICMP, PUP etc