IDS mailing list archives

Re: Counter detect Network Sniffer


From: Raistlin <raistlin () s0ftpj org>
Date: Sat, 21 Feb 2004 12:16:51 +0100

Bill Mok wrote:
> Is there any method to detect one using sniffer, say
> ethereal, in the same network?

A lot of ways. You may look at:

http://www.s0ftpj.org/tools/proscan.c

It's an old one, but should still be working: it tries to detect
interfaces in PROMISC mode using non-standard queries. Then there are
ways to patch sniffers in order to become more difficult to detect, such as:

http://www.s0ftpj.org/tools/aasniff.tgz

It's a battle, as always :)

-- 
Raistlin

S0ftPj - Digital Security for Y2K

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/E/IT/TW d++(-) s++:-- a--  C++++ U++++ P(---) L+++ E----
W+++ N++ o K+ w--- O- M-- V-- PS++ PE- Y++ PGP++ t+++ 5+
X+@ R+++ tv-- b+++ DI++++ D++ G+ e+++>++++(*) h! r++ y+
------END GEEK CODE BLOCK------
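
One well-known probe of the kind mentioned above, as an added example (not part of the original post and not taken from proscan.c, whose queries the post does not describe): an ARP request is sent to a destination MAC that no host owns, which a NIC in normal mode filters out, so an ARP reply suggests the interface is passing every frame up the stack. The MAC and IP values, the function names and the bogus address are assumptions made for the example, and sending and capturing the frames on a raw socket is assumed to happen elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_LEN 42 /* 14-byte Ethernet header + 28-byte ARP body */
enum verdict { HOST_SILENT, LOOKS_NORMAL, SUSPECT_PROMISC };

/* ARP who-has for tip, sent to dst instead of the usual ff:ff:ff:ff:ff:ff. */
size_t build_probe(uint8_t *f, const uint8_t *dst, const uint8_t *smac,
                   const uint8_t *sip, const uint8_t *tip) {
    static const uint8_t arp[8] = {0, 1, 8, 0, 6, 4, 0, 1}; /* Ethernet/IPv4, request */
    memcpy(f, dst, 6);          /* Ethernet destination (the variable under test) */
    memcpy(f + 6, smac, 6);     /* Ethernet source */
    f[12] = 0x08; f[13] = 0x06; /* EtherType ARP */
    memcpy(f + 14, arp, 8);
    memcpy(f + 22, smac, 6);    /* sender MAC */
    memcpy(f + 28, sip, 4);     /* sender IP */
    memset(f + 32, 0, 6);       /* target MAC unknown */
    memcpy(f + 38, tip, 4);     /* target IP */
    return FRAME_LEN;
}

/* 1 if f is an ARP reply sent by tip to our MAC, else 0. */
int is_reply_from(const uint8_t *f, size_t len, const uint8_t *our_mac, const uint8_t *tip) {
    if (len < FRAME_LEN || f[12] != 0x08 || f[13] != 0x06) return 0;
    if (f[20] != 0 || f[21] != 2) return 0; /* opcode 2 = reply */
    return !memcmp(f + 28, tip, 4) && !memcmp(f + 32, our_mac, 6);
}

/* Control probe goes to broadcast; test probe goes to a MAC nobody owns. */
enum verdict classify(int answered_broadcast, int answered_bogus) {
    if (answered_bogus) return SUSPECT_PROMISC;
    return answered_broadcast ? LOOKS_NORMAL : HOST_SILENT;
}

int main(void) {
    /* Constructed sample values (documentation address range, made-up MACs). */
    const uint8_t me[6] = {0x02,0,0,0,0,0x01}, host[6] = {0x02,0,0,0,0,0x02};
    const uint8_t bogus[6] = {0xff,0xff,0xff,0xff,0xff,0xfe};
    const uint8_t my_ip[4] = {192,0,2,1}, tip[4] = {192,0,2,7};
    uint8_t probe[FRAME_LEN], reply[FRAME_LEN];
    build_probe(probe, bogus, me, my_ip, tip);
    /* Constructed reply: the frame a host would send back if it saw the probe. */
    build_probe(reply, me, host, tip, my_ip);
    reply[21] = 2; memcpy(reply + 32, me, 6);
    printf("verdict=%d\n", classify(1, is_reply_from(reply, sizeof reply, me, tip)));
    return 0;
}
```

Treat SUSPECT_PROMISC as a lead to investigate rather than proof: bridged or virtualized interfaces can pass such frames up without any sniffer running.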



