Bugtraq mailing list archives
Re: detecting sniffers is downright easy
From: krvw () assist mil (Kenneth R. van Wyk)
Date: Wed, 10 May 95 09:45:49 -0400
Dr. Cohen writes:
...I thought I would mention that detecting sniffers from a real-world point of view is downright easy in almost all cases. ... All current (2) programs can be detected by comparing the OS programs with their original distribution versions using MD5 or a similar cryptographic checksum technique. This has been widely published for over 5 years.
I agree with the above to a point. The assumption that you are making is that you have _access_ to the system that has a sniffer installed on it. The vast majority of sniffed sessions that I am aware of have involved sniffers running on machines that the victim doesn't have access to. Picture a sniffer running on your local Internet service provider's backbone system(s). Anyone connecting into your site using a static password results in that person's password being sniffed - with no requirement for a sniffer to be running on any of the systems within your local domain. Take a look at a traceroute output from your site to <any other internet site> sometime and see just how many systems and networks your packets traverse that you have absolutely no control or authority over. How would you (legally) detect a sniffer on one of those?

I do agree, however, that it is easy to detect any of the currently observed sniffers on a host that you have access to.

Cheers,
Ken van Wyk
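
The checksum comparison described in the quoted message, as an added example that is not part of the original post: it hashes a trusted distribution tree and an installed tree and reports files that were modified, removed, or are not in the distribution. SHA-256 is used here in place of MD5, and the directory layout and file names are constructed sample data. As the reply notes, this only covers hosts whose files you can read.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare(baseline: dict[str, str], installed: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the trusted baseline and the live tree."""
    return {
        "modified": sorted(n for n in baseline if n in installed and baseline[n] != installed[n]),
        "missing": sorted(n for n in baseline if n not in installed),
        "unexpected": sorted(n for n in installed if n not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a 'distribution' tree and a tampered 'installed' tree."""
    with tempfile.TemporaryDirectory() as tmp:
        dist, live = Path(tmp, "dist"), Path(tmp, "live")
        for root in (dist, live):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "ls").write_bytes(b"original ls")
            (root / "bin" / "ps").write_bytes(b"original ps")
            (root / "bin" / "netstat").write_bytes(b"original netstat")
        (live / "bin" / "ps").write_bytes(b"replaced ps")   # altered system program
        (live / "bin" / "netstat").unlink()                 # removed program
        (live / "bin" / "snoop").write_bytes(b"new file")   # file not in the distribution
        return compare(build_manifest(dist), build_manifest(live))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```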