Re: Caching a sniffer

["Ian Latter" <Ian.Latter () mq edu au>]

While there's no way to be sure-sure ... you can get into your
local LAN segment and send ICMP(/whatever) requests to the
correct L3 address with the wrong L2 address and see if you
get a response; this will show you if hosts/devices are listening 
promiscuously (which makes for a good starting point).




----- Original Message -----
> From: "Gary E. Miller" <gem () rellim com>
> To: "Patricio Bruna V." <pbruna () masev cl>
> Subject:  Re: [Full-disclosure] Caching a sniffer
> Date: Wed, 10 Mar 2004 18:51:07 -0800
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yo Patricio!
>
> On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
>
> > How can i know if there a sniffer running in my network?
>
> If the hacker has had physical access to your network, even for just a
> few minutes, then there are many ways he can install a sniffer you can
> never find short of tearing everything apart.
>
> If you care about your data, you better encrypt end to end.
>
> RGDS
> GARY
> - ---------------------------------------------------------------------------
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>       gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i
> W5eaIQIRi3Zx+B87I3nZKZ0=
> =p/BH
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html