Bugtraq mailing list archives

Re: snooper watchers

From: aleph1 () dfw net (Aleph One)
Date: Thu, 23 Feb 1995 01:55:56 -0600 (CST)


Here are a few I found:

        http://underground.org/tools/unix/audit/cpm/cpm.1.0.tgz
        http://underground.org/tools/unix/audit/ifstatus/ifstatus.tgz

Dont know if they will work on Solaris 2.x though.


On Wed, 22 Feb 1995, Eric Conrad wrote:

The first thing many crackers do is replace ifconfig with a trojan that 
won't report when an interface is in promiscuous mode.

You could look at 'cpm', which will also show when an interface is 
promiscuous.  It's available from ftp.cert.org.  You're still in the same 
boat if someone replaces it with their own, however.

                              ...Eric

Current thread:

new sendmail bug?, (continued)
- - - new sendmail bug? James W. Abendschan (Feb 22)
    - Re: new sendmail bug? joel (Feb 22)
    - Re: new sendmail bug? Dave Horsfall (Feb 22)
    - Sendmail 8.6.10: what's different? der Mouse (Feb 23)
    - X keyboard sniffing Paul Howell (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Igor V. Semenyuk (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 24)
    - Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 23)
    - Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 24)
    - Re: new sendmail bug? Michael Van Norman (Feb 23)
    - Re: snooper watchers Aleph One (Feb 22)
    - Re: HP-UX Problem... Pete Shipley (Feb 21)