IDS mailing list archives

Re: Counter detect Network Sniffer

From: "gatekeeper" <gatekeeper () globenet com ph>
Date: Tue, 2 Mar 2004 08:05:49 +0800

Non-promiscuous or promiscuous it is still called a sniffer.

they're not going to see anything they don't participate in.


So what? It is good enough to install a sniffer on a box and see what
traffic flows through it (non-promisc) ......  a skillful hacker would still
be able to do a lot of damage. Being able to sniff  everything else
(promisc) is just a bonus ....... well, I think it would only help the
not-so-skillful-hacker ;-)

regards,
jun g.
"hiding in plain sight"

----- Original Message ----- 
From: "Rob Shein" <shoten () starpower net>
To: "'gatekeeper'" <gatekeeper () globenet com ph>;
<focus-ids () securityfocus com>
Sent: Monday, March 01, 2004 12:17 PM
Subject: RE: Counter detect Network Sniffer

If the sniffer is running like this, they're not going to see anything

they

don't participate in.  It's not a sniffer if they aren't in promiscuous
mode.

-----Original Message-----
From: gatekeeper [mailto:gatekeeper () globenet com ph]
Sent: Tuesday, February 24, 2004 2:24 AM
To: focus-ids () securityfocus com
Subject: Re: Counter detect Network Sniffer

Hi,

It may also not work if sniffer was ran non-promiscuously
(i.e. snoop -P)? Is there a way to detect such sniffers? Thanks.

jun g.
"hiding in plain sight"



--------------------------------------------------------------------------

Free 30-day trial: firewall with virus/spam protection, URL filtering,

VPN,

wireless security

Protect your network against hackers, viruses, spam and other risks with

Astaro

Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost

of

ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
--------------------------------------------------------------------------




---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------

Current thread:

RE: Counter detect Network Sniffer Rob Shein (Mar 01)
- Re: Counter detect Network Sniffer Vel (Mar 01)
  - Re: Counter detect Network Sniffer Tillman Hodgson (Mar 01)
  - RE: [inbox] Re: Counter detect Network Sniffer Curt Purdy (Mar 01)
    - RE: [inbox] Re: Counter detect Network Sniffer Rob Shein (Mar 01)
    - RE: [inbox] Re: Counter detect Network Sniffer Curt Purdy (Mar 01)
    - Re: Counter detect Network Sniffer Tod Beardsley (Mar 02)
    - RE: [inbox] Re: Counter detect Network Sniffer Rob Shein (Mar 02)
    - Re: [inbox] Re: Counter detect Network Sniffer Thomas Ptacek (Mar 01)
- Re: Counter detect Network Sniffer Sam f. Stover (Mar 01)
- Re: Counter detect Network Sniffer gatekeeper (Mar 02)
  - Re: Counter detect Network Sniffer Sandro Melo (Mar 02)
- <Possible follow-ups>
- Re: Counter detect Network Sniffer Mike Frantzen (Mar 01)