Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1995: Re: sniffers

Re: sniffers

Asriel DeCatte (asrielchewy.wookie.net)
Sun, 30 Apr 1995 21:51:33 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dr. Frederick B. Cohen: "Detecting a sniffer"
Previous message: Jas: "Re: sniffers"
In reply to: Jonathan M. Bresler: "Re: sniffers"
Next in thread: Asriel DeCatte: "Re: sniffers"

> 	a sniffer can have its transmit lead cut and still function.  
> this configuration is described in one of the common security 
> papers--TAMU's tiger paper perhaps, i dont remember.  with the transmit 
> lead cut, you cant detect.

This assumes that the snooper you're worried about has physical access to 
the ethernet wire in question. Assuming the intruder does NOT have such 
access, as is the case most of the time, in order to set up a "sniffer" 
the intruder has to modify the configuration of an existing system. The 
changes this individual effects tend to leave footprints. I just figured 
it'd be worth it to know some methods of detecting a software-based sniffer.

------------------------------------------------------------------------
A s r i e l  D e C a t t e  a t  M 0 C K  C h i c a g o ,  1 9 9 5 . . . 
do not lead for I will not follow - do not follow for I will not lead
                        asrielwookie.net
------------------------------------------------------------------------
   		     main(){while(1){fork();}}

Next message: Dr. Frederick B. Cohen: "Detecting a sniffer"
Previous message: Jas: "Re: sniffers"
In reply to: Jonathan M. Bresler: "Re: sniffers"
Next in thread: Asriel DeCatte: "Re: sniffers"