IDS mailing list archives
Re: Counter detect Network Sniffer
From: Tod Beardsley <todb () planb-security net>
Date: Mon, 1 Mar 2004 23:19:21 -0600
Curt Purdy wrote:
However, I will contend with your statement as much network traffic is non-IP dependent, i.e. DHCP, ARP, etc. The only way you can absolutely guarantee non-detection of a network box is to do as I suggested.
Well, iptables rules on your OUTPUT chain and ifconfig -arp should do the same trick, but without having to snip a wire (and thus, remotely settable). Right? Snipping wires will be more reliable, and probably the only way to do it on Windows, but it's kind of a one-way operation, unless you've trained your Asimo how to crimp.

FWIW, uses for a non-promisc sniffer:

- Troubleshooting (tcpdump is a hammer, all net OS problems are nails)
- Rootkit (or other application) control without binding a TCP/UDP port
- Self-training on How Nmap/Nessus Does Its Thing

...that's all I can think of.

--
"It's okay to yell 'fire' in a crowded theater if the theater is actually on fire."
Tod Beardsley | www.planb-security.net
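Added example, not part of the original post: a shell audit for the software-only sensor setup described above (ARP disabled on the interface, outbound traffic dropped in the OUTPUT chain). The interface name `eth1`, the function names, the sample text and the extra no-address check are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a capture interface for the "silent sensor" setup: ARP off, no address,
# and an unconditional OUTPUT drop as the first rule in the chain.
# Inputs are the text of `ip -o link show dev IF`, `ip -o addr show dev IF`
# and `iptables -S OUTPUT`, so the checks can run on saved output too.

has_noarp() {            # $1 = link text; NOARP flag is set by `ifconfig IF -arp`
    printf '%s\n' "$1" | grep -Eq '<([A-Z_]+,)*NOARP(,[A-Z_]+)*>'
}

has_no_address() {       # $1 = addr text; an inet/inet6 line means the stack can talk
    ! printf '%s\n' "$1" | grep -Eq ' inet6? '
}

first_rule_drops() {     # $1 = rules text, $2 = iface; an earlier rule could accept first
    printf '%s\n' "$1" | awk -v want="-A OUTPUT -o $2 -j DROP" '
        /^-A OUTPUT/ { if ($0 == want) ok = 1; exit }
        END { exit !ok }'
}

audit_sensor() {         # $1 = iface, $2 = link, $3 = addr, $4 = rules; one line per finding
    rc=0
    has_noarp "$2"             || { echo "$1: ARP still enabled"; rc=1; }
    has_no_address "$3"        || { echo "$1: address configured"; rc=1; }
    first_rule_drops "$4" "$1" || { echo "$1: no leading OUTPUT drop"; rc=1; }
    return $rc
}

# Constructed sample output (not captured from a real host).
SILENT_LINK='3: eth1: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UP'
SILENT_ADDR=''
SILENT_RULES='-P OUTPUT ACCEPT
-A OUTPUT -o eth1 -j DROP'
NOISY_LINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'
NOISY_ADDR='3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1'
NOISY_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -j ACCEPT
-A OUTPUT -o eth1 -j DROP'

audit_sensor eth1 "$SILENT_LINK" "$SILENT_ADDR" "$SILENT_RULES" && echo "eth1: silent"
audit_sensor eth1 "$NOISY_LINK" "$NOISY_ADDR" "$NOISY_RULES" || echo "eth1: not silent"
```

iptables filters IPv4 only, so IPv6 traffic and frames sent through raw packet sockets fall outside what these checks cover.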