scottagnac.com

• Next message: Martin Roesch: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
• Previous message: Mullen, Patrick: "[OT] RE: [snort] A suggestion on thwarting DDOS attacks"
• In reply to: Jerry Shenk: "[snort] scan network for promiscuous mode"
• Next in thread: Steve Gibson: "Re: [snort] scan network for promiscuous mode"
• Reply: Scott Armstrong: "RE: [snort] scan network for promiscuous mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The l0pht has anti-sniff. Tried it out and it seemed to work fairly well. You won't catch everything the first time, but over time you should be able to detect most of them. There's a 15 day trial version on their site.

Scott

>-----Original Message-----
>From: bounce+snortbofh.kyrnet.kg [mailto:bounce+snortbofh.kyrnet.kg]On
>Behalf Of Jerry Shenk
>Sent: Wednesday, March 08, 2000 9:32 AM
>To: Martin Roesch
>Subject: [snort] scan network for promiscuous mode
>
>
>Is there any way to determine if there is a sniffer running
>anywhere on the network?
>
>We've talked about this some at work. It sure would be nice to know if
>anybody on the LAN is running things like snort, tcpdump and the like...or
>even something like a simple password grabber....I suppose that runs in
>promiscuous mode also.
>
>Jerry A. Shenk, MCNE
>Sr. Systems Engineer - Computer Networking Services
>D&E Communications, Inc.
>jshenkdecommunications.com
>1-877-433-8632 Fax via efax: (603) 250-1453
>my website: www.dect.com/jas
>

• Next message: Martin Roesch: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
• Previous message: Mullen, Patrick: "[OT] RE: [snort] A suggestion on thwarting DDOS attacks"
• In reply to: Jerry Shenk: "[snort] scan network for promiscuous mode"
• Next in thread: Steve Gibson: "Re: [snort] scan network for promiscuous mode"
• Reply: Scott Armstrong: "RE: [snort] scan network for promiscuous mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]