Re: How to sniff packets from afar?

[miguel.dilaj () pharma novartis com]

Hello Shawn

I'm not aware of the "remote" sniffing capabilities you mention, but
regarding the tap of a T1 I recall some info in www.ntrootkit.org. I've no
web access here to check, but I'm pretty sure that there's some links in
this page.
Best regards,

Miguel Dilaj





"Shawn Duffy" <sduffy () xecu net> on 02/11/2001 23:14:48

To:   <pen-test () securityfocus com>
cc:
Subject:  How to sniff packets from afar?


I have a customer that has an EAL-4 Firewall with strong CGI scripting
protection on it and I was asked to look at a pen-test for him.
He currently has some of his own people periodically try to break-in to
keep it current with his changing environment.
I was wondering if any knows of a way to sniff packets from either his
VPN tunnel connections or traffic through his firewall when you cannot
connect directly in between his ISP and router.

I was told it is possible, but I don't see how.  Also, would anyone know
how to tap a T1 line from a dmark without disrupting service and without
knowing the parameters?

--
Shawn.







----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/