Can a network admin reconstruct something that you sent through FTP from A to B?

Heifetz

Golden Member
Oct 9, 1999
If you're sending a file through a nonencrypted protocol, such as ftp, or aim, would a network admin, or someone who has access to the network be able to obtain what you sent by sniffing the network and capturing all the packets? It seems plausible to me, as someone who is sniffing the network would be able to grab clear text keystrokes easily.
 

rahvin

Elite Member
Oct 10, 1999
If you can sniff the network and the transmission isn't encrypted then the person sniffing can reconstruct every packet sent and obtain a copy of the file. This isn't easy though, they need to know what they are doing.
 

randal

Golden Member
Jun 3, 2001
Ahh, another "how do I circumvent the precautions that my network admin has put in place" thread. Ever thought that what you transferred over FTP shouldn't have been transferred in the first place?

randal
 

Sketcher

Platinum Member
Aug 15, 2001
Originally posted by: Heifetz
If you're sending a file through a nonencrypted protocol, such as ftp, or aim, would a network admin, or someone who has access to the network be able to obtain what you sent by sniffing the network and capturing all the packets? It seems plausible to me, as someone who is sniffing the network would be able to grab clear text keystrokes easily.
Yes I can.


Originally posted by: rahvin
If you can sniff the network and the transmission isn't encrypted then the person sniffing can reconstruct every packet sent and obtain a copy of the file. This isn't easy though, they need to know what they are doing.
Programs like this, this, or this among others, make my world a better place ;)

FTP gets a bit more difficult - but it isn't no-man's land. You just need the right application for each capture. rahvin is essentially right in that it is not easy - but programs like the one I've listed continue to improve, and the more knowledge that is built into the software - the less the admin (or anyone else) has to know.



 

Freejack2

Diamond Member
Dec 31, 2000
Originally posted by: randal
Ahh, another "how do I circumvent the precautions that my network admin has put in place" thread. Ever thought that what you transferred over FTP shouldn't have been transferred in the first place?

randal

So if I transfer family pictures to another family member via a non-encrypted protocol that gives the isp admin the right to sniff and capture what I'm sending?
Wish they made some kind of encrypted transfer protocol addon for icq or aim.

 

randal

Golden Member
Jun 3, 2001
If you're doing that from work, then yea, I wouldn't do it. Your company pays for the network equipment and the bandwidth -- they have every right to monitor every bit of data that goes across it.

As for doing it at home, it is also possible for a network admin to watch what you do. Being an ISP network admin myself, we get requests from the police to monitor a user's internet traffic -- we don't do that because they are paying us for our services, and we have a stiff privacy policy, but the point remains that it would not be difficult to sniff out exactly what they do from the privacy of their homes.

I wouldn't do anything personal on someone else's dime. Unless I'm running the NOC while posting to AT ;)

randal
 

Sketcher

Platinum Member
Aug 15, 2001
Originally posted by: Freejack2
Originally posted by: randal
Ahh, another "how do I circumvent the precautions that my network admin has put in place" thread. Ever thought that what you transferred over FTP shouldn't have been transferred in the first place?

randal

So if I transfer family pictures to another family member via a non-encrypted protocol that gives the isp admin the right to sniff and capture what I'm sending?
Wish they made some kind of encrypted transfer protocol addon for icq or aim.
Nope, it doesn't give the ISP Admin the "Right". However, if an ISP declares in their service agreement that they monitor traffic - or reserve the right to - that's where the right is given.

(But, I don't know much about ISP & Privacy acts, so - you privacy buffs can "___insert comment here___"). Seriously though, think about how much traffic goes through an ISP. There just isn't any reasonable person who'd look at all that and think, hmmm, gotta dig me up some of that traffic and see who's doin' what!

I mean, I have less than 100 users in my LAN/WAN environment - and unless HR asks me to track some traffic, I could care less. There are much more interesting things to do ;)

**Note: Most users who claim they're sending "Family Pictures" and "files" do tend to rise to the top of my "most wanted" list though! :p:cool::p
 

spidey07

No Lifer
Aug 4, 2000
or they could hijack your session and totally pretend to be the server, manipulating at will every frame.

But with FTP it's pretty easy, capture the session and reconstruct the file. This is also how inline ftp/http virus scanners work - they examine individual packets looking for matching patterns.
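
Added example (not part of spidey07's post, and not any scanner product's code): a sketch of why a scanner that wants to match content on an FTP data connection has to put the TCP segments back in order before it looks for a pattern. The segments, the sequence numbers and the signature are constructed sample data.

```python
# Added illustration; the segments and the signature are constructed sample data.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # placeholder, not a real AV pattern
FILE_BYTES = b"header-bytes|" + SIGNATURE + b"|trailer-bytes"

# (relative TCP sequence number, payload) for one FTP data connection, in the
# order a sensor saw them: out of order, with one retransmitted segment.
CAPTURED = [
    (20, FILE_BYTES[20:35]),
    (0, FILE_BYTES[0:20]),
    (20, FILE_BYTES[20:35]),   # retransmission
    (35, FILE_BYTES[35:]),
]


def reassemble(segments):
    """Rebuild the byte stream from offset 0; return (stream, gaps)."""
    stream, gaps = bytearray(), []
    for seq, payload in sorted(segments):
        if seq + len(payload) <= len(stream):
            continue                          # already have all of these bytes
        if seq > len(stream):                 # a segment was never captured
            gaps.append((len(stream), seq))
            stream.extend(b"\x00" * (seq - len(stream)))
        stream.extend(payload[len(stream) - seq:])   # trim any overlap
    return bytes(stream), gaps


def scan_per_packet(segments, signature=SIGNATURE):
    """Naive check: look for the signature inside each payload separately."""
    return any(signature in payload for _, payload in segments)


def scan_stream(segments, signature=SIGNATURE):
    """Match on the reassembled stream and report whether it was complete."""
    stream, gaps = reassemble(segments)
    return {"match": signature in stream, "complete": not gaps, "gaps": gaps}


if __name__ == "__main__":
    print("per-packet match:", scan_per_packet(CAPTURED))
    print("stream verdict:  ", scan_stream(CAPTURED))
    lossy = [s for s in CAPTURED if s[0] != 20]   # middle segment missed
    print("lossy capture:   ", scan_stream(lossy))
```

A verdict with `complete` set to False means the transfer could not be cleared, only that nothing was found in the bytes that were seen.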
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
Freejack2, there is a way to do a secure FTP connection. There are a few clients out there that let you establish the FTP connection using SSL to encrypt the contents of the transfer. However, I haven't seen very many servers that even have this capability, and even fewer that have it enabled. If you do manage to find one that supports it, and you use it, your data should be reasonably safe though.


PS Glub Tech should have all the tools you need for both the secure client and the secure server
 

XZeroII

Lifer
Jun 30, 2001
lol, I would love to see someone try to get stuff from my computer. I transfer about 3gb per day. All of it is many files simultaneous transfers from a number of sources. I'm sure it can be done, but I can't imagine them sitting there waiting for a 600mb file to get to their hdd, only to find out that it was something stupid. If someone wants to know what i'm downloading or uploading, just ask.
 

SinnerWolf

Senior member
Dec 30, 2000
This is why i like to mess with the admins at my job....take a raw tif image of space, lord of the rings, whatever....400mb plus. Or maybe a mr rogers episode

rename it to BarnYardFilth.avi, Jenna.jpg, etc...

Or better yet, take 30 of the same exact file and rename them all individually...Rar them 30 split. add a creative archive file name. And see if they notice a 30+ 2gb files being transferred to enron email addys from student-machine log ons. I'd say they look at 2-3% of them, which is actually kind of sad.

Anyhow, if you're after secure transfer of files....change the file type (from .exe to .bmp or something), compress them in a rar/zip file, password protect it, and then change the extension of the .rar/.zip to .html or .dll . whatever! Give them a boring yet plausible name (presentation2.ppt, research.pdf). Best way imo is to split rar them into 5 or so files....once the archive is created, take the .01, .02, .03, etc...and switch them around or just change the filename altogether. Change them back on the receiving end.
 

Sketcher

Platinum Member
Aug 15, 2001
Originally posted by: SinnerWolf
This is why i like to mess with the admins at my job....take a raw tif image of space, lord of the rings, whatever....400mb plus. Or maybe a mr rogers episode

rename it to BarnYardFilth.avi, Jenna.jpg, etc...

Or better yet, take 30 of the same exact file and rename them all individually...Rar them 30 split. add a creative archive file name. And see if they notice a 30+ 2gb files being transferred to enron email addys from student-machine log ons. I'd say they look at 2-3% of them, which is actually kind of sad.

Anyhow, if you're after secure transfer of files....change the file type (from .exe to .bmp or something), compress them in a rar/zip file, password protect it, and then change the extension of the .rar/.zip to .html or .dll . whatever! Give them a boring yet plausible name (presentation2.ppt, research.pdf). Best way imo is to split rar them into 5 or so files....once the archive is created, take the .01, .02, .03, etc...and switch them around or just change the filename altogether. Change them back on the receiving end.

Yup, that'd all work pretty good... except for programs like BorderManager and hardware like WatchGuard Firewalls. Doesn't matter which, what, how you'd like to rename - send - xver- which program, what color etc... I can lock you down, slap you up, make you piss in a paper cup. Well, OK, so I wouldn't slap you and can't really make you piss in a cup. If you're doing that kind of stuff though, I can send you packin'.

Any Network Admin worth their salt will throttle your bandwidth, impose disk quotas and lock down the firewall and network usage for a "respectable" working environment :cool: ........................ then slap you :D
 

SinnerWolf

Senior member
Dec 30, 2000
Yup, that'd all work pretty good... except for programs like BorderManager and hardware like WatchGuard Firewalls. Doesn't matter which, what, how you'd like to rename - send - xver- which program, what color etc... I can lock you down, slap you up, make you piss in a paper cup. Well, OK, so I wouldn't slap you and can't really make you piss in a cup. If you're doing that kind of stuff though, I can send you packin'.

Any Network Admin worth their salt will throttle your bandwidth, impose disk quotas and lock down the firewall and network usage for a "respectable" working environment :cool: ........................ then slap you :D


true enough, but that's why i do it on a different machine, with a different log on =) who ya gonna slap? Use a generic anon email addy, and welcome to info laundering. Besides, i can always create new log ons with admin rights...;)
 

Sketcher

Platinum Member
Aug 15, 2001
Originally posted by: SinnerWolf
true enough, but that's why i do it on a different machine, with a different log on =) who ya gonna slap? Use a generic anon email addy, and welcome to info laundering. Besides, i can always create new log ons with admin rights...;)


:D, perhaps with someone else's network you can do that. But not on MY watch!! :D

My Network is:

1. Internet traffic locked down by BorderManager & Watchguard.
2. Desktops are locked down by enforced profiles (control panel isn't even available to them, nor is command line usage).
3. Users are trained to lock workstations if stepping away (timed auto-lock is on just in case).
4. No one but my staff and I have access to Admin privileges, anywhere.

I do not extensively monitor internet site usage - but I have download/upload functionality completely locked and filtered for critical apps or per authorized user request only - Meaning, you can't download OR upload ANYTHING - e-mail, java client, chat, telnet ANYTHING unless it's through the filtered corporate e-mail system.

My Network is a bit more locked down than most - but what kind of environment are you in where you have access to Admin privileges - AND carry on that kind of behavior?

For one thing, you're giving me ideas to watch for! :D
 

geoff2k

Golden Member
Sep 2, 2000
My Network is a bit more locked down than most - but what kind of environment are you in where you have access to Admin privileges - AND carry on that kind of behavior?
Sounds like a university campus or a government site to me... :)
 

PsychoAndy

Lifer
Dec 31, 2000
Originally posted by: geoff2k
My Network is a bit more locked down than most - but what kind of environment are you in where you have access to Admin privileges - AND carry on that kind of behavior?
Sounds like a university campus or a government site to me... :)

Sounds more like someone's a bit anal about their network ;)
 

Sketcher

Platinum Member
Aug 15, 2001
:) Heh heh, :)

Yup, just a bit anal. :) But consider that you are put in charge of a multi-million dollar archive of sensitive data that can make or break your business. Consider that one Lone Ranger out to prove his point messes with that data whether intentionally or inadvertently "because he can" or because he wants to stick it to the Systems Admin, show his buddy his haX0r skillz or .... whatever.

Now, it doesn't take a rocket scientist to figure out that a paycheck is a good thing. And I bet every one of you who speaks from the viewpoint of "that System's Admin is Anal, uptight, a prick, big brother, obsessive, a killjoy etc..." has not been in a position of responsibility where your daily task is to keep the company running - as in critical up time. If you have been, and still maintained that attitude - the company you worked for is a) No longer in business. b) Really not all that critical or c) You are no longer employed by that company. Sure, there are probably a few alphabet excuses left out there, but I think my point is expressed.

Nearly everyone who cries about strict work computer/internet usage is a "worker bee". Nearly everyone who hails the creed of "work on work time, play on your time" has been responsible for tasks that involve the integrity of a manager's worker bees.

I think it a very enjoyable scenario to see a normal staffer promoted to a management position because he/she's deserved it. I think it even more enjoyable to see how the former co-workers/now worker bees for that manager think he/she's "uncool" when they start enforcing responsibility because they now have reporting to account for. The buddy scenario changes a little, sometimes a lot, and the "new" manager begins to understand a little more about that "Anal, uptight, Big Brother" world that was once just the butt of water cooler jokes. As soon as YOU are personally responsible for the performance and integrity of others, your behavior toward that work changes. As soon as YOU become responsible for not just your employee's integrity - but are also the go-to/fall guy/Systems Administrator of a Computer Network, Security System and Telephone System - your attitude changes yet more.

And with all of this attitude change, we still have a pleasant, enjoyable atmosphere where IT is not considered the "Big Brother" but the "Hand that feeds you" and staff are comfortable that they have you to keep their data integrity intact, and security is a non-issue, because throughout it all - YOU keep the systems "UP".

It's really not all that big of a paranoia issue. When it's YOUR issue - you'll understand.

Nothin' to do with government or university - everything to do with responsibility.

But yes, I'm Anal in that respect ;)

-Sketcher
 

Renob

Diamond Member
Jun 18, 2000
Ahh, another "how do I circumvent the precautions that my network admin has put in place" thread. Ever thought that what you transferred over FTP shouldn't have been transferred in the first place

I bet you were one of the kids who always followed the rules and told on those who did not.


Heifetz, I would not worry about what you have sent, but you might want to worry about what you plan on sending.
 

kranky

Elite Member
Oct 9, 1999
Sketcher, good post about sysadmin responsibilities. It's hard for people to understand the other side until they've been there.
 

skace

Lifer
Jan 23, 2001
Sketcher, I'd call you anal mainly because of the attitude you tote regarding 'your network'. My company has similar practices as yours, except for the control panel thing (boggle), but I'm not gonna sit here and brag about it.
 

Sketcher

Platinum Member
Aug 15, 2001
Originally posted by: skace
Sketcher, I'd call you anal mainly because of the attitude you tote regarding 'your network'. My company has similar practices as yours, except for the control panel thing (boggle), but I'm not gonna sit here and brag about it.

skace, Thank GOD you're not going to sit there and brag too!! As far as being Anal, I'm guilty as charged - I admitted it - or didn't you read that part? No matter. Your retort does state "My company has similar practices as yours" so if negligible semantics are ignored, you are the pot calling the kettle black - even if only a little. But thank you for not bragging. (really, you ought to try it some time, it's liberating - and gives one an over-inflated sense of self worth :)

-Sketcher