Man In The Middle

Hi everyone, 

 

I've got a little question for you. Recently, I started using Wireshark (as a part of my ICT studies) for analyzing network traffic. What I discovered was that capturing logs and passwords with HTTP protocols was surprisingly easy - Wireshark captured even my login information for this site! ;p In fact, with a combination of Wireshark + Cain I was able to intercept (ARP spoofing) sensitive data from different users in a particular network (I tried it on my home network so don't you worry, nothing bad happened ;p). Only data from HTTPS protocols was safe. Here comes my question: can Norton 360 prevent such actions and inform the user that this kind of attack is happening or happened? I am asking because right now, with that knowledge, it's a bit scary to use any free hotspots in public places.

 

 

 

 


MBerger wrote:

Here comes my question: can Norton 360 prevent such actions and inform user that this kind of attack is happening or happened? I am asking because right now, with that knowledge, it's a bit scary to use any free hotspots in public places. 


Norton will automatically set the Network Trust Level to "Protected" when you are on an unencrypted wireless network.  This will help keep others on the network from accessing data stored on your PC.  But that is somewhat different than what you are talking about.  If you are not using an encrypted connection to the sites you are visiting (https), then that traffic will be visible and intelligible to others on the network.  Norton would have no way to prevent eavesdropping, because that is external to the computer - you are sending out a radio broadcast of your activities in the clear.  The lesson is that whenever you are sending sensitive information over a wireless network, use an encrypted connection (https).  Better yet, wait until you can use your home network, where you have control over network access.  Or use a VPN.  If you broadcast traffic in the clear, there is nothing that Norton, or anything else, can do to make sure it is not being intercepted.

Thank you for your answer! :) It explains a lot! But there is still one thing about security: when I was capturing traffic, my parents asked me to capture their passwords and logins from their company web sites while they were trying to log in to the system. Funny though, because one of the sites detected the ARP spoofing attack and prevented the user from sending sensitive data, and the user could not log in while the poisoning was on. So, is it really impossible to implement such a security feature into Norton? Or I'm just missing something and this kind of security is just part of HTTPS protocols? ;p

With the right tools, the bad guys are going to get what they want, regardless of what you do to protect yourself.

 

The point is that the majority of users are not the kind of target the bad guys are interested in. It takes a lot of work to break into your system, and just like your house or car, the crooks will bypass locked doors until they find one that is unlocked.

 

 

 

In order for a hacker to launch an ARP poisoning attack, he would need access to the network.  Obviously, a public wi-fi network might give an attacker this opportunity, but a properly secured home network would be almost impossible for someone to attack with ARP spoofing.