[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Caching a sniffer [Resending]

To: "'Full Disclosure'" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Caching a sniffer [Resending]
From: "Motiwala, Yusuf" <motiwala@xxxxxx>
Date: Thu, 11 Mar 2004 20:23:38 +0530

This is very much OS dependent solution. If you rely on some response
technique, one can just disable transmission at sniffing end and you will
never come to know about sniffer existence. It is very easy to do. This
topic was discussed before also without any concrete solution.

Yusuf

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-
> admin@xxxxxxxxxxxxxxxx] On Behalf Of Ian Latter
> Sent: Thursday, March 11, 2004 10:57 AM
> To: Gary E. Miller
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] Caching a sniffer
> 
> 
> 
> While there's no way to be sure-sure ... you can get into your
> local LAN segment and send ICMP(/whatever) requests to the
> correct L3 address with the wrong L2 address and see if you
> get a response; this will show you if hosts/devices are listening
> promiscuously (which makes for a good starting point).
> 
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Meth and hacking?
Next by Date: RE: [Full-Disclosure] Looking for MSN Exploit
Previous by thread: RE: [Full-Disclosure] Searching chroot-like jail for Windows
Next by thread: RE: [Full-Disclosure] Meth and hacking?[Scanned]
Index(es):
- Date
- Thread