[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Caching a sniffer

To: <ksmith@xxxxxxxxxxxxxxxxxxxxxxx>, <pbruna@xxxxxxxx>
Subject: RE: [Full-Disclosure] Caching a sniffer
From: "Mike Fratto" <mfratto@xxxxxxx>
Date: Thu, 11 Mar 2004 12:43:17 -0500

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of 
> Kenton Smith
> Sent: Thursday, March 11, 2004 11:50 AM
> To: pbruna@xxxxxxxx
> Cc: Full Disclosure; SECURITY-BASICS@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Caching a sniffer
> 
> 
> I skimmed through some of the articles and they all have some 
> good information. Are you running a switched network? If you 
> are then the easiest way is to look at your traffic stats and 
> find the port that
> *all* traffic is going to.
> If this doesn't make sense to you, then you should do some 
> more research on sniffers.

Your assuming that the attacker 1) has control of the switch and 2) is
sniffing either the uplink or has configured the switch to mirror all the
switch ports or VLAN to the mirror port. 

Neither of which may be the case.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Caching a sniffer
  - From: Kenton Smith
- [Full-Disclosure] Caching a sniffer; Re:
  - From: Kenton Smith
- [Full-Disclosure] Caching a sniffer; Re:
  - From: Kenton Smith

References:
- Re: [Full-Disclosure] Caching a sniffer
  - From: Kenton Smith

Prev by Date: RE: [Full-Disclosure] Caching a sniffer
Next by Date: RE: [Full-Disclosure] Meth and hacking?[Scanned]
Previous by thread: Re: [Full-Disclosure] Caching a sniffer
Next by thread: RE: [Full-Disclosure] Caching a sniffer
Index(es):
- Date
- Thread