IDS mailing list archives
RE: [inbox] Re: Counter detect Network Sniffer
From: Joseph M Hoffman <hoffjose () us ibm com>
Date: Mon, 1 Mar 2004 14:41:10 -0600
You can also use a device called a shomiti tap, network taps enable passive monitoring access for security and net management devices to include protocol analyzers, ids, and more.

Joseph M. Hoffman, CISSP, CCSA, CCSE, NSWC, SBFCC, B.A.
I.B.M. Security & Privacy Services
office 816-228-3275
mobile 816-721-3275

The highest reward for man's toil is not what he gets for it, but what he becomes by it.
John Ruskin

"Curt Purdy" <purdy () tecman com>
03/01/2004 12:51 PM
To: "'Vel'" <vel () sympatico ca>, "'Rob Shein'" <shoten () starpower net>, "'gatekeeper'" <gatekeeper () globenet com ph>, <focus-ids () securityfocus com>
cc:
Subject: RE: [inbox] Re: Counter detect Network Sniffer

Vel wrote:
How can a sniffer be run in non-promiscuous mode?
<snip>
It may also not work if the sniffer was run non-promiscuously (i.e. snoop -P)? Is there a way to detect such sniffers? Thanks.
You can run in promiscuous mode without fear of detection by cutting the TX wires 1&2, leaving only your RX wires. This is actually my preferred method of running an IDS to evade detection.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
Current thread:
- RE: [inbox] Re: Counter detect Network Sniffer Joseph M Hoffman (Mar 01)
- RE: [inbox] Re: Counter detect Network Sniffer AJ Butcher, Information Systems and Computing (Mar 03)