Security Incidents mailing list archives

RE: maybe a simple problem


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sat, 5 Oct 2002 09:29:12 +0200 (CEST)

On Fri, 4 Oct 2002, Jeff Peterson wrote:

A good plan of action to detect if the person is being hacked might be this:

1.  Insert a simple hub, (not a switch), between his pc and the usual
network connection.

2.  Attach another PC to this hub, and collect packets using Ethereal.
(http://www.ethereal.com/).  The hub will allow the sniffer to inspect all
packets to and from his machine.

In a switched network ethereal + ettercap will do the same thing. (For 
those that believed a switched network was safe: Welcome to the real world 
;-)

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

