4

I am working in an ISP company as a junior support specialist. Recently, I have a serious suspicions that one of our "head" stuff member is compromising me by being able to control(see) my traffic.. I think he uses such attacks as: "man in the middle attack", "port mirroring" etc.. And obviously, I really want to know how to detect and prevent "his" attacks.

Thanks in advance )

jmoreno
  • 496
  • 2
  • 9
user20823
  • 49
  • 2
  • 4
    As written, this is very localized to your situation. I don't want to give you advice and then discover that I've been identified as an accessory in the subsequent indictment. Perhaps you could rewrite it to be less about you and more about the situation? – MCW Feb 15 '13 at 19:05
  • 2
    You could set up SSHD somewhere and use a SOCKS proxy. That's assuming you have control over your own machine - otherwise I wouldn't trust entering usernames/passwords/secure keys. – Bob Watson Feb 16 '13 at 00:46
  • 1
    Expect your boss to monitor (and potentially alter) any sites you visit unless you encrypt your data. Only trust https/ssh/vpn or similar (with trusted keys or known fingerprints) for secret info. This prevents man in the middle attacks or eavesdropping on anything other than the level of traffic and the IP address you are communicating with. As Bob Watson's great advice, a SOCKS proxy is simple to setup with ssh (setup ssh server at yourdomain.com, go to terminal run ssh -fND localhost:12321 you@yourdomain.com and in a browser setup SOCKS proxy to port 12321) to encrypt all your traffic. – dr jimbob Feb 16 '13 at 08:16
  • 2
    Before attempting to establish a secure tunnel, determine if there is screen monitoring software installed; if there is, the tunnel won't solve your problem. Also, before taking any action to avoid the monitoring, you should determine if it was justified per company policy, and if attempting to evade monitoring is acceptable per company policy. – Matt Feb 16 '13 at 09:22

3 Answers3

21

Usually, inspection and filtering of all the network activity of employees by employers is lawful. Details depend on the country and its laws, of course, but the generic framework is that as long as it was specified in the hiring contract, then the employer can spy as much as he wants -- for company resources, of course, no question about tapping into your personal phone or things like that.

Therefore, your "head staff member" might just be doing his job.

If you have strong suspicions that this "head staff member" spies on you in an illegal and unwarranted way, then you should relay your suspicions to his manager. Trying to counter him "technically" (for instance by playing with the routers) would be puerile, illegal, and would only plunge you into bigger trouble.

Thomas Pornin
  • 326,555
  • 60
  • 792
  • 962
  • 1
    Thanks for an answer ) Yes, of course I agree with you that by "playing" with routers(for instance I can just turn off the DSL line's port) would be really puerile, and I am 100% sure that after such "plays" they will just fire me )) So what I am trying to achieve, is - to detect and then try to prevent "his" future attacks.. – user20823 Feb 15 '13 at 18:41
  • 3
    Detection isn't really possible (if it's not your network; you don't know where the bits really go) - but there are methods of avoiding snooping, and running secure traffic over an unsecure network - like a SSH (if you are worried about SSL MitM). – Bob Watson Feb 16 '13 at 00:47
2

You might be able to avoid or at least try to avoid those possible attacks in the near future by using a vpn tunnel. That way all the data that you transmit through the net will be encrypted. Though, in some work environments it is stated strictly not to use vpn's or they alternatively/possibly block some specific ports that usually use the vpn protocol. But by installing/configuring your own vpn (for example connecting from your work to your home's computer, using it as the vpn server; with hamachi is pretty easy if you aren't so comfortable with the process) you can change the port to something of your will (for example 443).

P.S. There are many techniques to discover and try to prevent those attacks in many ways, but that varies to the access you have to the physical computer and to the network, so that's why I am suggesting from the begin to use a vpn network and spectate how the thing are going

user20827
  • 21
  • 1
  • 1
    to user20827: thanks for an answer, yes I thought about setting up a vpn connection, I just need to figure out which type of vpn to set up, and then manage.. Want to add that I am still a kinda "novice" for this kind of stuff, and I need to draw some plan for my "investigations" ) – user20823 Feb 15 '13 at 19:56
  • 1
    Well there are also free and paid vpn servers (already configured and you have only to install their app or just type the login information) that you can use; after a quick search I am sure that you can find some from both categories. But if you concern also about the fact that someone who provides you access to his own vpn server (paid or free) that might also intercept your traffic, then you should try get deeper into this and build your own vpn server. – user20827 Feb 15 '13 at 22:04
0

It's probably fine, until they decide to pop up a fake page to get you to enter your private password. Then that's pretty much a grey area.

The problem is, it's very much difficult to differentiate between a legitimate action vs something that is more nefarious. It's usually a good idea for your employer to tell you if they are doing any monitoring of any sort, and flag specific actions as not part of the policy. Any other way undermines the trust of the environment as well as the trust in the workings of the machines, and other processes.

munchkin
  • 391
  • 1
  • 5