nanog mailing list archives
Re: sniffer/promisc detector
From: Donovan Hill <lists () lazyeyez net>
Date: Sat, 17 Jan 2004 11:33:02 -0800
On Saturday 17 January 2004 11:18 am, Scott McGrath wrote:
It is also possible to sniff a network using only the RX pair so most of the tools to detect cards in P mode will fail. The new Cisco 6548's have TDR functionality so you could detect unauthorized connections by their physical characteristics. But there are also tools like ettercap which exploit weaknesses within switched networks. See http://ettercap.sourceforge.net/ for more details (and gain some add'l grey hairs in the process). The question here is what are you trying to defend against?.
Maybe this is just a stupid comment, but if the original poster is that concerned with their LAN being sniffed, then maybe they should consider using IPSec on their LAN. -- Donovan Hill Electronics Engineering Technologist, CCNA www.lazyeyez.net, www.gwsn.com
Current thread:
- sniffer/promisc detector Gerald (Jan 16)
- Re: sniffer/promisc detector Laurence F. Sheldon, Jr. (Jan 16)
- Re: sniffer/promisc detector Joel Jaeggli (Jan 16)
- Re: sniffer/promisc detector Steven M. Bellovin (Jan 16)
- Re: sniffer/promisc detector Sam Stickland (Jan 17)
- Re: sniffer/promisc detector Scott McGrath (Jan 17)
- Re: sniffer/promisc detector Donovan Hill (Jan 17)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 17)
- Re: sniffer/promisc detector Donovan Hill (Jan 17)
- Re: sniffer/promisc detector Deepak Jain (Jan 17)
- Re: sniffer/promisc detector E.B. Dreger (Jan 18)
- Re: sniffer/promisc detector Laurence F. Sheldon, Jr. (Jan 16)
- Re: sniffer/promisc detector Gerald (Jan 19)
- Re: sniffer/promisc detector Scott McGrath (Jan 19)
- Re: sniffer/promisc detector Gerald (Jan 19)
- Re: sniffer/promisc detector Chris Brenton (Jan 16)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)