Security Incidents mailing list archives
RE: maybe a simple problem
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sat, 5 Oct 2002 09:29:12 +0200 (CEST)
On Fri, 4 Oct 2002, Jeff Peterson wrote:
A good plan of action to detect if the person is being hacked might be this: 1. Insert a simple hub, (not a switch), between his pc and the usual network connection. 2. Attach another PC to this hub, and collect packets using Ethereal. (http://www.ethereal.com/). The hub will allow the sniffer to inspect all packets to and from his machine.
In a switched networkd ethereal + ettercap will do the same thing. (For those that believed a switched network was safe: Welcome to the real world ;-) Hugo. -- All email sent to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: maybe a simple problem Brooke, O'neil (EXP) (Oct 02)
- <Possible follow-ups>
- Re: maybe a simple problem Michael Anuzis (Oct 03)
- RE: maybe a simple problem Robinson, Sonja (Oct 03)
- RE: maybe a simple problem george . wasgatt (Oct 04)
- RE: maybe a simple problem Robinson, Sonja (Oct 04)
- RE: maybe a simple problem george . wasgatt (Oct 04)
- RE: maybe a simple problem Clayton Hoskinson (Oct 05)
- RE: maybe a simple problem Jeff Peterson (Oct 05)
- RE: maybe a simple problem Hugo van der Kooij (Oct 05)
- Re: maybe a simple problem tabrams (Oct 05)
- RE: maybe a simple problem Rob Keown (Oct 05)