Bugtraq mailing list archives

Re: sniffers


From: asriel () chewy wookie net (Asriel DeCatte)
Date: Sun, 30 Apr 1995 21:51:33 -0400 (EDT)


      a sniffer can have its transmit lead cut and still function.  
this configuration is described in one of the common security 
papers--TAMU's tiger paper perhaps, I don't remember.  with the transmit 
lead cut, you can't detect.

This assumes that the snooper you're worried about has physical access to 
the ethernet wire in question. Assuming the intruder does NOT have such 
access, as is the case most of the time, in order to set up a "sniffer" 
the intruder has to modify the configuration of an existing system. The 
changes this individual effects tend to leave footprints. I just figured 
it'd be worth it to know some methods of detecting a software-based sniffer.

------------------------------------------------------------------------
A s r i e l  D e C a t t e  a t  M 0 C K  C h i c a g o ,  1 9 9 5 . . . 
do not lead for I will not follow - do not follow for I will not lead
                        asriel () wookie net
------------------------------------------------------------------------
                     main(){while(1){fork();}}
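
One host-side check for the kind of footprint the reply above describes, as an added example that is not part of the original post: a software sniffer normally needs the interface in promiscuous mode, which Linux exposes as the IFF_PROMISC bit in `/sys/class/net/<iface>/flags`. The Linux sysfs layout and the `baseline` allow-list are assumptions of this example, and it says nothing about a passive tap with its transmit lead cut.

```python
"""Added example: report Linux interfaces that are in promiscuous mode."""
import os

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def parse_flags(text):
    """Parse the content of a sysfs 'flags' file, e.g. '0x1103\\n'."""
    return int(text.strip(), 16)


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flags include IFF_PROMISC."""
    found = []
    try:
        names = sorted(os.listdir(sysfs_net))
    except FileNotFoundError:
        return found  # not a Linux host, or sysfs is not mounted
    for name in names:
        path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # entry is not an interface, or the file is unreadable
        if flags & IFF_PROMISC:
            found.append(name)
    return found


def unexpected_promiscuous(current, baseline=()):
    """Interfaces that are promiscuous now but absent from the approved
    baseline (hypothetical allow-list, e.g. a known IDS sensor port)."""
    return sorted(set(current) - set(baseline))


if __name__ == "__main__":
    for iface in unexpected_promiscuous(promiscuous_interfaces()):
        print(f"ALERT: {iface} is in promiscuous mode")
```

Run it from cron or a host agent and alert on any interface outside the baseline; a bridge, hypervisor or legitimate capture tool will also set the bit, so the baseline has to list those.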


