IDS mailing list archives
RE: sniffer detection on switched based networks
From: "Angel Rivera" <arivera () mitre org>
Date: Thu, 6 Feb 2003 09:26:58 -0500
Adding to Mr. Gaya's request, I would also be interested in ways to prevent this type of attack. I apologize for it being slightly off the IDS subject, but this is one finding that keeps coming up in vulnerability assessments, and the solutions I know about (switch ACLs restricting individual MAC addresses, which requires you to inventory each network card's MAC address) are really not practical at all.

-----Original Message-----
From: Sangram [mailto:sangram () mahindrabt com]
Sent: Wednesday, February 05, 2003 12:00 AM
To: focus-ids () securityfocus com
Subject: sniffer detection on switched based networks

Hi,

As we know, sniffing on switch based networks is not easy (ignoring the monitor port of the switch). Usually an ARP spoof, DNS spoof or other such attack has to be launched. There are tools like Dsniff which can accomplish this task quite easily.

Now what I would like to know is whether there is any method / tool or Snort IDS rule set which can detect such sniffers on systems, esp. on switch based networks. And here I am talking of large corporate Ethernet networks. The considerations are that I don't want to overload the network by probing each w/s individually. And if the process is automated it would be all the better.

Regards
Sangram Gayal
Associate Consultant
Enterprise Security Consulting Group
Mahindra - British Telecom Ltd.

*********************************************************
Disclaimer
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
*********************************************************
Visit us at http://www.mahindrabt.com
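Added example, not part of the original messages: a passive check for the ARP spoofing the thread describes, which watches ARP frames already visible to a monitoring point instead of probing each workstation. It flags an IP address that starts being claimed by a different MAC, and frames whose Ethernet source differs from the ARP sender field. The names `ArpMonitor`, `parse_arp`, `build_frame` and `run_sample` are hypothetical, and the addresses and frames are constructed sample data.

```python
import struct

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12].hex(":"), frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

class ArpMonitor:
    """Hypothetical passive monitor: remembers first-seen IP->MAC bindings, reports anomalies."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":                       # ARP probe, carries no binding
            return []
        alerts = []
        if eth_src != sender_mac:
            alerts.append(f"mismatch: frame from {eth_src} carries ARP sender {sender_mac}")
        known = self.bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:                          # first-seen binding is kept
            alerts.append(f"changed: {sender_ip} was {known}, now claimed by {sender_mac}")
        return alerts

def build_frame(eth_src, sender_mac, sender_ip, op=2):
    """Construct a 42-byte broadcast ARP frame (sample data only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(map(int, a.split(".")))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (b"\xff" * 6 + mac(eth_src) + b"\x08\x06" + header
            + mac(sender_mac) + ip(sender_ip) + b"\x00" * 6 + ip("0.0.0.0"))

def run_sample():
    gw, host, other = "00:00:5e:00:53:01", "00:00:5e:00:53:0a", "00:00:5e:00:53:66"
    frames = [
        build_frame(gw, gw, "192.0.2.1"),
        build_frame(host, host, "192.0.2.10"),
        build_frame(other, other, "192.0.2.1"),   # gateway IP claimed by a different MAC
        build_frame(other, host, "192.0.2.10"),   # Ethernet source != ARP sender field
    ]
    monitor = ArpMonitor()
    return [a for f in frames for a in monitor.observe(f)]

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

A legitimate NIC replacement or DHCP lease reassignment also changes a binding, so alerts from a check like this need correlating with inventory or DHCP logs before being treated as spoofing.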
Current thread:
- sniffer detection on switched based networks Sangram (Feb 05)
- Re: sniffer detection on switched based networks Rob McMillen (Feb 06)
- Re: sniffer detection on switched based networks Brett Harris (Feb 06)
- RE: sniffer detection on switched based networks Angel Rivera (Feb 06)