Penetration Testing mailing list archives
Re: [PEN-TEST] Promiscuous mode detection
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Thu, 14 Sep 2000 17:03:36 -0500
I've personally used AntiSniff (on NT and OpenBSD) and it works very well if you're in a position to sniff THEIR connection, too... if you're on a switch or a different segment, it becomes much harder.

I'd recommend picking up a copy of "Hack Proofing Your Network" (or borrowing a copy) and reading chapter 9... Heck, go to Borders and read chapter 9 while you sit there... it's not a long chapter, but it has all sorts of good info on sniffers and their detection... I'll mention a few here:

- Contacting a bizarre host, and sniffing for another machine to DNS-lookup that host
- Checking for latency (ping time). Compare its current latency to its latency from a known clean state from the same network location (usually on same segment, or errors are just too frequent)

I could easily recommend:

- neped.c
- AntiSniff
- And some reading...

-----Original Message-----
From: Stefan Suurmeijer [mailto:stefan () SYMBOLICA NL]
Sent: Thursday, September 14, 2000 3:54 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Promiscuous mode detection

Hi,

I was wondering if people on this list can point me to some good software for detecting NICs in promiscuous mode. Someone mentioned sentinel in connection with the email sniffing thread. I found this at http://www.subterrain.net/projects/sentinel/ but I don't know if this is any good. Has anyone had good experiences with either this or another package?

Thanks,
Stefan
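An added example, not part of the original thread and not code from any tool named in it: the detection step of the DNS test mentioned in the reply, which flags hosts that reverse-resolve a decoy address nobody should know about. The log format, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: simplified DNS query log lines in the assumed form
# "<time> <client-ip> <qtype> <qname>". 192.0.2.77 is the unused decoy
# address that test traffic was sent to; 192.0.2.5 is the testing host.
SAMPLE_LOG = """\
17:01:02 192.0.2.10 A www.example.com.
17:01:05 192.0.2.23 PTR 77.2.0.192.in-addr.arpa.
17:01:05 192.0.2.10 PTR 1.2.0.192.in-addr.arpa.
17:01:09 192.0.2.23 PTR 77.2.0.192.IN-ADDR.ARPA
17:01:11 192.0.2.5 PTR 77.2.0.192.in-addr.arpa.
garbage line
"""


def ptr_name(ip):
    """Reverse-lookup name a resolver would query for this address."""
    return ipaddress.ip_address(ip).reverse_pointer.lower().rstrip(".")


def suspects(log_text, decoy_ip, ignore=()):
    """Return {client_ip: count} of PTR lookups seen for the decoy address.

    A host that resolves an address it could only have learned by reading
    other machines' traffic is a candidate for running a sniffer with name
    resolution enabled. Clients listed in `ignore` (for example the testing
    host itself) are skipped.
    """
    target = ptr_name(decoy_ip)
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip instead of failing
        _time, client, qtype, qname = parts
        if qtype.upper() != "PTR":
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") != target:
            continue
        if client in ignore:
            continue
        hits[client] = hits.get(client, 0) + 1
    return hits


if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, "192.0.2.77", ignore={"192.0.2.5"}))
```

A sniffer that does not resolve names produces no hits, so an empty result does not show the segment is clean.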