Bugtraq mailing list archives
Re: Re[2]: sniffers
From: fc () all net (Dr. Frederick B. Cohen)
Date: Thu, 4 May 1995 03:54:49 -0400 (EDT)
Dan says:
Nayfield, Rod wrote:
| Right. There is no way. One of smb's papers (and the book) mention using a
| sniffer with transmit leads cut.
|
| The best protection would be to use switches instead of hubs... even a
| multi-port bridge for thinnet is a good idea when you use it to separate
| workgroups.
...
Right, no way to detect a sniffer with no transmit lead. But many funny ways to kill it. All you need is 2 machines faster than the potential sniffer.
I strongly disagree - any sniffing technology can be detected - but the cost may be too high to be of practical utility for many situations. SMB's comments refer strictly to observations of network traffic, and not to all possible means of detection.

--
-----------------
\Management /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
\ /\/ | Check out info-security heaven and test your system
\/\ /\/ | for known vulnerabilities (1st time for free) at URL:
\/Analytics| (scans deeper than SATAN or ISS) http://all.net:8080
-----------------
Read "Protection and Security on the Information Superhighway"
John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95