7

I'm wondering if packet sniffing is a risk on my VPS.

Is it always a risk or are their precautions a host vendor can take? e.g. a switched network etc.

If I wanted to ask my host what precautions they take, what questions should I ask?

EDIT

Thanks for everyone's feedback.

I suppose what I was wondering if there are any specific packet sniffing risks associated with a typical VPS setup. But I suppose 'typical' makes this question to general, so instead what would help a VPS setup less prone to packet sniffing (other than the things I can do myself e.g. https / ssh) - perhaps the way the VPS network is configured? The host is using kvm.

Alex KeySmith
  • 319
  • 1
  • 9

4 Answers4

6

Every VPS is different therefore No one can possibly answer this question except for you.

Run tcpdump or Wireshark on your system. Look for non-broadcast (like TCP) traffic that contains a MAC address that isn't yours. SIMPLE!

rook
  • 47,238
  • 10
  • 96
  • 182
  • Thanks for the "non-broadcast" tip - good point. I'm a little wary of running a sniffing app in case it's misinterpreted as malicious. But I can ask the host about non-broadcast traffic. – Alex KeySmith Oct 03 '13 at 08:40
  • 4
    +1 - @AlexKey - Running tcpdump/wireshark on your VPS is great advice. It is not malicious or sign of pen testing; in fact its often essential when debugging any network application. Testing on my linode, my VPS only receives network traffic directed to my MAC address. I'd run something like: sudo tcpdump -e -i eth0 -n | grep -vcat /sys/class/net/eth0/address`, which checks eth0 for incoming packets in promiscuous mode (by default) looking at the link layer headers (-e) without resolving IP addresses (-n) and then searches through for lines that don't contain your MAC address. – dr jimbob Oct 03 '13 at 20:05
  • Cool good point @drjimbob – Alex KeySmith Oct 04 '13 at 08:20
2

Packet sniffing is a risk anywhere on the public internet when you have unencrypted traffic. You can encrypt your traffic to prevent sniffing.

Granted, you should note that an adversary at the VPS with physical access to the machine likely can (after some effort) pull your data, including private keys/certificates off of your virtual private server. If you fear this, don't use a VPS or only store encrypted data to your VPS (and never decrypt it on their server).

See: VPS Safety in the Cloud

Community
  • 1
dr jimbob
  • 39,312
  • 8
  • 94
  • 164
  • Thanks for the info. I suppose I'm wondering if there is any additional risk e.g. because traffic is distributed on a VPS in a way that all traffic can be intercepted easily or something similar. – Alex KeySmith Oct 02 '13 at 15:42
1

ssh & https created specially against sniffing.

You can read more about cryptography, and chose tool for your needs, but anyway, you can't hide from the VPS's vendor(root), except your remote data too encrypted. See.

trankvilezator
  • 229
  • 2
  • 5
  • Thanks, I do understand the benefits of ssh / https and agree about data encryption. I suppose I was after if there were any specific risks regarding VPS. But looking at everyone's responses it sounds like it's more a general risk that I'd have anywhere. Thanks again for your help. – Alex KeySmith Oct 03 '13 at 08:42
1

To answer your question specifically, a host can add a VLAN to their configuration and have it trunked on the linux host and then bridge that interface with your VPS. If they encrypt the VLAN, they can only tap the data at the VPS itself or the Router which sources the VLAN.

Mike Mackintosh
  • 294
  • 2
  • 9