Solved

TCP Sniffer - Can they monitor/break HTTPS

Posted on 2009-02-16
Last Modified: 2013-11-16
I'm a bit paranoid if people can monitor my passwords from my desktop.  I try to make sure no spyware or key loggers are installed (I wish there was a way to detect something like this more reliably), but now I'm wondering if someone connected to the same router / gateway could be sniffing all outgoing TCP requests.

I am logging into HTTPS websites.  Is it possible, even though SSL is active, for a foreign person not on my PC though possibly in the same workgroup to monitor my outgoing requests and view my passwords?  For example Gmail log in?
Question by:aniston
15 Comments
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653246
Is it possible?  Yes.
Is it probable?  No.

If the network devices haven't been secured then it is possible that a third-party could route all of your traffic through themselves.  As you pointed out however the traffic is encrypted.  As with all encryption it is possible to break it eventually but this is far beyond the means of most people (who would get bored after a year or two!)  More likely they'd get themselves a certificate and impersonate the site then proxy your traffic to the actual site (your credentials included) - some of the trusted certificate authorities built into your OS/browser are not too careful who they give certificates to.
0
 
LVL 9

Expert Comment

by:L3370
ID: 23653291
Technically speaking anything IS possible, but the probability of it happening if you are so cautious is low.  You cannot guarantee your computer info is safe... only mitigate the risk of it being compromised. The only 'safe' computer is the one left in its packaging.

Is this a home network setup or are we talking a business or another private/public organization's network?

If it is a wireless home network, yes, they technically can sniff your information out with the right wireless monitoring equipment.  It would take great skill to turn that sniffed data into viable information such as passwords from your computer.  If you have enabled encryption like WEP, that can make it more difficult.  WEP is crackable. Someone can crack it if given enough time.

As for keyloggers... a very real threat. If you have other computers on your network they can access your computer if it is shared out. They will need admin privileges to install it still.  Spyware detection programs are out there and are pretty effective. As long as you know who has physical access to your computer it seems like you are doing enough to mitigate risk.  The chances of a 'hacker' devoting so much time and effort to someone's home computer is relatively low unless you have a real good reason for someone to hate you that bad :P

If you are still worried by keyloggers, frequently look at the add/remove programs.  Look for newly installed software. Run virus scans and spyware scans.  Unless the keyloggers are staying in

If it is an organization/business network, you are at the mercy of the IT staff. It is their responsibility to keep the systems safe.  Just make sure you exercise the same caution you have already with accessing websites. If you really don't want people to know the things you are doing on websites then I'd merely suggest not doing it on the work computers to stay safe.
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653297
You are also at risk if the implementations are poor or based on weak algorithms.  

I found the example I was thinking of too:  http://www.insidetech.com/news/articles/3669-hackers-break-ssl-certificates-impersonate-ca
0

 
LVL 19

Accepted Solution

by:
lamaslany earned 500 total points
ID: 23653350
I would agree with L3370:  you are at far more risk from poor physical security - if your PC is left unattended at any time there is the danger of hardware/software keyloggers being installed.  That said I am sure I read an article recently regarding how to 'sniff' keystrokes remotely as they're typed - most keyboards do not have shielded cables!

It is worth noting that WPA is quite easily crackable if running as WPA-PSK.  Look to WPA2 instead.
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653366
0
 

Author Comment

by:aniston
ID: 23653379
Yes, I am within a home network.  Actually I am sharing my internet connection with a friend but we've been having a bit of a outting and he is the type to retaliate. In fact I know he was able to log into my Gmail account (I checked Gmail's logs and saw his IP address).  Originally he did have my local PC's login name and password, so he does have admin access to my PC.

I'm just wondering how the heck did he get my password into Gmail.  I was thinking key logger but a quick scan shows nothing unless he removed it after he got the password.  And it doesn't sound likely that he can scan the outgoing TCP packets while I am connected to the HTTPS Gmail login page.

Is he able to install the keylogger remotely once he has my login/password to my desktop?  We are using Windows Vista.

0
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653438
Is he able to install the keylogger remotely once he has my login/password to my desktop?
Yes.
If in doubt I would back up your files and clean install your PC (assuming you are comfortable doing that). If your PC has been compromised you cannot trust any software to correctly report if there is a problem - take a quick look at the dangers of rootkits.
0
 
LVL 9

Expert Comment

by:L3370
ID: 23653446
Piggybacking off lamaslany's last comment.

I've even read on some keylogging done by phone!  Some security agency developed a system that was able to determine keystrokes by the sound of the user typing on the keyboard while they were on the telephone.  They made a database of recorded keystroke noises from various models of keyboards.

If that isn't enough to get you paranoid, I don't know what is!
0
 

Author Comment

by:aniston
ID: 23653528
Once my PC has been reinstalled with a fresh copy of Windows, what is the best way to keep my system from getting key loggers?  Is there any way I can easily detect them?  Of course I won't give out my password but I would like a tool to help check things out.  Again this could be a home-made keylogger rather than a popular one off the net, therefore not detectable.  I don't have faith in those heuristic scans.

I was surfing and came across System Mechanic.  It appears to have a feature that can snapshot and compare changes to your registry.  I figure I could use that to detect anomalies?  Granted the person in question knows much about DLL injection (piggy backing with safe .EXE files).
0
 

Author Comment

by:aniston
ID: 23653542
I should also mention we both use Firefox.  I'm wondering if he was able to obtain any relevant security key information from my Firefox browser in order to make decoding a sniffed packet easier on his end.
0
 
LVL 9

Assisted Solution

by:L3370
L3370 earned 500 total points
ID: 23653563
If your Gmail password is similar in any way to your computer login password then he could have gotten into your Gmail with brute force.

If a keylogger was installed and he no longer has physical access to your computer, it would have to send that data out for it to be useful...

If you open command prompt and type 'netstat' it will report all active connections. For the sake of drowning out the static, close all webpages, instant messengers, and any known programs that access the internet first.

Afterwards, if you see some connections... like an IP address to his computer, or another computer with an IP address on your home network, I would be a bit worried.



0
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653610
1.  Ensure that your PC is fully patched.  This means the latest patches and service packs for your OS, applications and even drivers.
2.  Ensure you have a firewall installed.  If you are careful about what you run and don't blindly allow everything that wants to be given access even the Windows Firewall will do a decent job of protecting you.
3.  Ensure you are running good quality antivirus/antimalware software.
4.  Do not run as an administrator.  Have a separate account for your day-to-day use.  If you need to install additional hardware/software or run updates simply log on as the admin, perform the tasks and log off again.
5.  Be cautious about your network security.  If your router is compromised it is a potential gateway into your system (see site impersonation in a previous post).  If an attacker can impersonate a site you trust, for example one you might download patches and updates from, you may well run infected code.


Personally I'd shy away from System Mechanic.
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653630
If you open command prompt and type 'netstat' it will report all active connections. For the sake of drowning out the static, close all webpages, instant messengers, and any known programs that access the internet first.
If your machine has been properly compromised you cannot trust it to correctly report its status.  It is trivial, relatively speaking, to omit an attacker's backdoor from a netstat result.
0
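
The netstat check suggested earlier in the thread, as an added example that is not part of any poster's reply: it parses saved `netstat -ano` output and lists established TCP sessions whose peer is another private-range host, which is the pattern L3370 says to worry about. The sample output, the `gateway` parameter and all addresses are constructed assumptions; as the reply above points out, a clean result taken on a compromised machine proves nothing.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2140
  TCP    192.168.1.20:49712     192.168.1.1:80         ESTABLISHED     3012
  TCP    192.168.1.20:49720     192.168.1.35:8081      ESTABLISHED     5120
  TCP    192.168.1.20:49731     203.0.113.10:443       ESTABLISHED     3012
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED     2140
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# RFC 1918 ranges plus IPv6 link-local: peers that sit on the local network.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10")]
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def lan_peers(netstat_text, gateway=None):
    """Return (remote_ip, remote_port, pid) for ESTABLISHED TCP sessions to a
    LAN host. `gateway` (hypothetical option) hides the router if it is trusted."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "ESTABLISHED":
            continue  # skips headers, UDP rows and non-established sockets
        ip, port = split_endpoint(m.group(2))
        if not any(ip in net for net in LAN_NETS):
            continue  # loopback and internet peers are out of scope here
        if gateway and ip == ipaddress.ip_address(gateway):
            continue
        hits.append((str(ip), port, int(m.group(4))))
    return hits
```

Each PID returned can be mapped to a process name with `tasklist /FI "PID eq <pid>"` on the same machine.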
 
LVL 19

Expert Comment

by:lamaslany
ID: 23653661
I should also mention we both use Firefox. I'm wondering if he was able to obtain any relevant security key information from my Firefox browser in order to make decoding a sniffed packet easier on his end.
Unlikely - but I don't know that much about the innards of Firefox I am afraid.  And as I said there are easier ways to compromise your PC. Decoding encrypted traffic without the key is far more difficult than breaking in.
0
 

Author Closing Comment

by:aniston
ID: 31547482
I think the program "Activity Monitor" by SoftActivity was installed.  Everything was perfect to be a very quiet install.

Thank you guys for the great info!!
0
