Nmap Announce mailing list archives

Re: Promiscuous mode detection


From: rich <raf () ezunx com>
Date: Thu, 04 Mar 1999 18:44:42 -0500

I agree with other posts regarding "cut wires" -- moral of
the story -- Locks keep out honest people, but not crooks --
Hence - Sniffer detectors detect honest hackers, but not the
real crackers.  

I have a modified cable and 3Com PCMCIA card that allow me
to plug into any net, change MAC address and sniff without
being detected (either way I want to do it) -- I am an honest hacker
that helps companies, but I use this to show them that if they
do have "fancy schmancy detector software" that it won't find
me.  

So, just like the story of nmap -- an administrator's tool or a 
hacker's tool --- Sniffer detectors are in the same base -- they
may or may not do you any good.  Depends on who you are
really trying to "catch".

regards
r

At 05:21 PM 3/4/99 -0500, Dug Song wrote:
On Thu, 4 Mar 1999, Adam Shostack wrote:

     There was a paper at RAID'98 to send false credentials over
the wires, and build honey pots to trap it when someone attempts to
use it.

the "sniffer detector", by the GSAL group at IBM Zurich.

http://www.zurich.ibm.com/Technology/Security/extern/gsal/sniffer_detector.html

-d.

---
http://www.monkey.org/~dugsong/




