Bugtraq archives for 2nd quarter (Apr-Jun) 1995: Re: How to detect a sniffer

Re: How to detect a sniffer

Frank Wortner (frankprodigy.com)
Mon, 8 May 1995 09:58:03 -0400 (EDT)

On Fri, 5 May 1995, Dr. Frederick B. Cohen wrote:

> I await anxiously the unbounded diatribe that is certain to result from
> this assessment of the difficulty in detection of sniffers, but please
> don't use the same sorts of abusive language or insults that you have
> been throwing around so freely before asking legitimate questions.  Just
> because you don't know how, doesn't make it impossible.

It doesn't make it likely, either.  All other "protective" technology and
techniques are just the embodiment of a willingness to accept some degree
of risk in return for the possibility of some benefit.  Because an
organization desires network technology and connectivity, it must be
willing to accept the risks that go along with that.  The cost of
detecting every possible breach has to be weighed against the benefit ---
and in this case, the likelihood of that breach.  Since we are talking
about what Dr. Cohen implies is *extremely* expensive technology, the
possibility that someone will deploy it against most LANs or WANs is
*extremely* remote. 

If I'm wrong about the cost and difficulty involved, then please correct
me.  Meanwhile, I won't lose any sleep about this "vulnerability."

In short, "Let's get real!"


"Outside of a dog, a book is a man's best friend;
 inside of a dog, it's too dark to read."  -- Groucho Marx