9.19. Detecting Insecure Network Protocols

Problem

You want to determine if insecure protocols are being used on the network.

Solution

Use dsniff .

To monitor the network for insecure protocols:

# dsniff -m [-i interface] [-s snap-length] [filter-expression]

To save results in a database, instead of printing them:

# dsniff -w gotcha.db [other options...]

To read and print the results from the database:

$ dsniff -r gotcha.db

To capture mail messages from SMTP or POP traffic:

# mailsnarf [-i interface] [-v] [regular-expression [filter-expression]]

To capture file contents from NFS traffic:

# filesnarf [-i interface] [-v] [regular-expression [filter-expression]]

To capture URLs from HTTP traffic:

# urlsnarf  [-i interface] [-v] [regular-expression [filter-expression]]

ngrep is also useful for detecting insecure network protocols. [Recipe 9.18]

Discussion

dsniff is not supplied with Red Hat or SuSE, but installation is straightforward. A few extra steps are required for two prerequisite libraries, libnet and libnids, not distributed by Red Hat. SuSE provides these libraries, so you can skip ahead to the installation of dsniff itself on such systems.

If you need the libraries, first download libnet , a toolkit for network packet manipulation, from http://www.packetfactory.net/projects/libnet, and unpack it:

$ tar xvzpf libnet-1.0.*.tar.gz

Then compile it:^[10]

$ cd Libnet-1.0.*
$ ./configure --prefix=/usr/local
$ make

and install it as root:

# make install

We explicitly configure to install in /usr/local ...

Get Linux Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Linux Security Cookbook by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes

9.19. Detecting Insecure Network Protocols

Problem

Solution

Discussion

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly