
IDS: detecting a sniffer remotely


laurent van-cauwelaert (Laurent.Van-Cauwelaertepita.fr)
Fri, 24 Sep 1999 15:50:01 +0000 (GMT)


Hi there,

I've tried to detect a sniffer (Ethernet card in PROMISCUOUS) remotely without result.

What I tried:

- sending an ICMP packet to a nonexistent MAC address, but with the correct IP address of the sniffing host. The host did not answer me.

- doing the same as above but with ARP. The results were the same.

The hosts running the sniffer were running Linux (Slackware, RedHat and Debian), with 2.2.[1-10] kernels.

Does anyone know if it's possible to detect a sniffing host remotely (especially without knowing its IP or MAC address)?
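The two probes described in the message above, as an added example that is not part of the original post: it builds the ICMP and ARP frames (correct IP, MAC address that no host owns) and checks whether a captured frame is a matching answer. The addresses, the payload string and all function names are constructed for illustration, and the IPv4 header is assumed to carry no options.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))

def ip(s: str) -> bytes:
    return bytes(int(p) for p in s.split("."))

def icmp_probe(src_mac, bogus_mac, src_ip, dst_ip, ident=0x1234, seq=1):
    """Echo request to the correct IP, framed to a MAC that no host owns."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"promisc-check"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                      64, 1, 0, ip(src_ip), ip(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return mac(bogus_mac) + mac(src_mac) + b"\x08\x00" + hdr + icmp

def arp_probe(src_mac, bogus_mac, src_ip, dst_ip):
    """ARP who-has for dst_ip, sent to the bogus MAC instead of broadcast."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      mac(src_mac), ip(src_ip), b"\x00" * 6, ip(dst_ip))
    return mac(bogus_mac) + mac(src_mac) + b"\x08\x06" + arp

def answers_probe(reply: bytes, probe: bytes) -> bool:
    """True if `reply` is the echo reply or ARP reply that matches `probe`."""
    if len(reply) < 42 or reply[:6] != probe[6:12]:  # must target the prober
        return False
    kind = reply[12:14]
    if kind == b"\x08\x00" == probe[12:14]:
        # source IP is the probed IP, ICMP type 0, same id and sequence
        return (reply[26:30] == probe[30:34] and reply[34] == 0
                and reply[38:42] == probe[38:42])
    if kind == b"\x08\x06" == probe[12:14]:
        # ARP opcode 2 (reply) whose sender IP is the probed IP
        return reply[20:22] == b"\x00\x02" and reply[28:32] == probe[38:42]
    return False

# Constructed sample values: documentation IPs, locally administered MACs.
PROBE = icmp_probe("02:00:00:00:00:01", "02:00:00:00:00:99",
                   "192.0.2.10", "192.0.2.20")
```

A matching reply means the probed host's stack processed a frame that was not addressed to its own MAC; silence, as in the message above, does not by itself show that the interface is not in promiscuous mode.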


