Bugtraq mailing list archives
Re: detecting sniffers is downright easy
From: holland () Telchar Jpl Nasa Gov (Ronald Holland)
Date: Wed, 10 May 1995 08:40:28 -0700 (PDT)
On Wed, 10 May 1995, Dr. Frederick B. Cohen wrote:
All current (2) programs can be detected by comparing the OS programs with their original distribution versions using MD5 or a similar cryptographic checksum technique. This has been widely published for over 5 years. Thus, not only is detection of all Unix-based real-world sniffers not impossible or infeasible, it is downright easy and simple.
Correct me if I am wrong, but the sniffers we have seen here do not modify any OS programs. The OS program may have been trojaned as a separate attack to provide entry points, but the sniffer itself does not modify anything (other than putting /dev/nit into promiscuous mode on SunOS).

Assuming that you are correct, all I have to do is get our 10,000 machines to run tripwire and the 400 part-time system administrators to be observant... easy.... simple.... I don't think so, Fred...

------------
Ron Holland
holland () telchar jpl nasa gov
Communications, Computer & Network Services
JPL / NASA - Pasadena, CA
Visualize Whirled Peas... Ummmm.. Make that World Peace!
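An added example, not part of either poster's message: the two checks this exchange contrasts, run side by side on a constructed host, showing that a checksum baseline stays clean while an interface sits in promiscuous mode. Assumptions: SHA-256 is swapped in for the MD5 named in the thread, the promiscuous check reads the Linux `/sys/class/net/<iface>/flags` format rather than SunOS /dev/nit, and all file names and flag values are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

IFF_PROMISC = 0x100  # Linux interface flag bit for promiscuous mode


def digest(path):
    """SHA-256 of a file (the thread names MD5; a current hash is swapped in)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def changed_files(baseline):
    """Return paths whose current digest differs from the recorded baseline."""
    return sorted(p for p, want in baseline.items()
                  if not Path(p).is_file() or digest(p) != want)


def is_promiscuous(flags_text):
    """Parse the hex text Linux exposes in /sys/class/net/<iface>/flags."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def audit(baseline, iface_flags):
    """Run both checks: file integrity, then per-interface promiscuous state."""
    return {
        "changed": changed_files(baseline),
        "promiscuous": sorted(i for i, f in iface_flags.items() if is_promiscuous(f)),
    }


def demo():
    """Constructed host: binaries untouched, one interface promiscuous."""
    with tempfile.TemporaryDirectory() as d:
        ls, login = Path(d, "ls"), Path(d, "login")
        ls.write_bytes(b"constructed ls binary")
        login.write_bytes(b"constructed login binary")
        baseline = {str(ls): digest(ls), str(login): digest(login)}
        flags = {"eth0": "0x1103\n", "lo": "0x9\n"}  # constructed sysfs values
        clean = audit(baseline, flags)
        login.write_bytes(b"constructed trojaned login")  # separate tampering case
        tampered = audit(baseline, flags)
        return clean, tampered, str(login)


if __name__ == "__main__":
    print(demo())
```

On a real Linux host the flag text would come from reading `/sys/class/net/<iface>/flags` for each interface, and the baseline from digests recorded off trusted distribution media.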