[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Caching a sniffer

To: "'Ian Latter'" <Ian.Latter@xxxxxxxxx>, "'Gary E. Miller'" <gem@xxxxxxxxxx>
Subject: RE: [Full-Disclosure] Caching a sniffer
From: "Motiwala, Yusuf" <motiwala@xxxxxx>
Date: Thu, 11 Mar 2004 16:49:50 +0530

This is very much OS dependent solution. One can just disable transmission
at sniffing end (say by modifying driver) and you will never come to know
about sniffer existence. I think this topic was discussed before also
without any concrete solution.

Yusuf


> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-
> admin@xxxxxxxxxxxxxxxx] On Behalf Of Ian Latter
> Sent: Thursday, March 11, 2004 10:57 AM
> To: Gary E. Miller
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] Caching a sniffer
> 
> 
> 
> While there's no way to be sure-sure ... you can get into your
> local LAN segment and send ICMP(/whatever) requests to the
> correct L3 address with the wrong L2 address and see if you
> get a response; this will show you if hosts/devices are listening
> promiscuously (which makes for a good starting point).
> 
> 
> 
> 
> ----- Original Message -----
> >From: "Gary E. Miller" <gem@xxxxxxxxxx>
> >To: "Patricio Bruna V." <pbruna@xxxxxxxx>
> >Subject:  Re: [Full-Disclosure] Caching a sniffer
> >Date: Wed, 10 Mar 2004 18:51:07 -0800
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Yo Patricio!
> >
> > On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
> >
> > > How can i know if there a sniffer running in my network?
> >
> > If the hacker has had physical access to your network, even for just a
> > few minutes, then there are many ways he can install a sniffer you can
> > never find short of tearing everything apart.
> >
> > If you care about your data, you better encrypt end to end.
> >
> > RGDS
> > GARY
> > - ----------------------------------------------------------------------
> -----
> > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
> >     gem@xxxxxxxxxx  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.3 (GNU/Linux)
> >
> > iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i
> > W5eaIQIRi3Zx+B87I3nZKZ0=
> > =p/BH
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> --
> Ian Latter
> Internet and Networking Security Officer
> Macquarie University
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] Searching chroot-like jail for Windows
Next by Date: RE: [Full-Disclosure] Caching a sniffer
Previous by thread: RE: [Full-Disclosure] Caching a sniffer
Next by thread: Re: [Full-Disclosure] Caching a sniffer
Index(es):
- Date
- Thread