Bugtraq mailing list archives
Re: Detecting a sniffer
From: owens () xylan com (Mark Owens)
Date: Tue, 2 May 95 00:50:46 PDT
>Of course you can detect a sniffer, but are you willing to pay the cost >of doing so? You can't "detect a sniffer" from looking at the net; the only way you can try is to identify specific software indications of one being run on your machine. If it's run on a different machine, on one you can't check (perhaps on a palmtop someone has plugged into the net), then you can't detect it at all. Even if it's being run on your server, you can detect it if the author of the sniffer didn't know about, and defeat, the particular detection mechanism you use.
During my work in 'secure' installations, we used fiber media to prevent the 'sniffing' of packets using inductive pickup. This kind of 'sniffer' can't be detected easily - 'cept by seeing it (antennas and wires running next to your cable, where they don't belong, is a give-away) We also used OTDRs to look for splices in the fiber. \mgo
Current thread:
- Re: Detecting a sniffer, (continued)
- Re: Detecting a sniffer Rens Troost (May 02)
- Re: Detecting a sniffer Valdis.Kletnieks () vt edu (May 03)
- Re: Detecting a sniffer Bennett Todd (May 02)
- Re: Detecting a sniffer Dave Horsfall (May 02)
- Re: Detecting a sniffer Dave Barr (May 02)
- Re: Detecting a sniffer Dr. Frederick B. Cohen (May 02)
- Re: Detecting a sniffer Dave Horsfall (May 04)
- Re: Detecting a sniffer Perry E. Metzger (May 04)
- Re: Detecting a sniffer Dave Horsfall (May 04)
- Re: Detecting a sniffer Brett Lymn (May 03)
- Re: Detecting a sniffer Perry E. Metzger (May 04)
- pm speaks too soon Dr. Frederick B. Cohen (May 04)
- Re: pm speaks too soon Perry E. Metzger (May 04)
- Re: pm speaks too soon Jeffrey Russell Horner (May 04)
- Re: HP-UX Explotation/Repair/Info scripts Nathan Lawson (May 04)
- Re: HP-UX Explotation/Repair/Info scripts ice9 (May 04)