Nmap Announce mailing list archives
Promiscuous mode detection
From: Bruce Dennison <dennis_b () popmail firn edu>
Date: Thu, 04 Mar 1999 09:37:46 -0500
Greetings,
I dont mean to change the subject or appear too terribly lame, but I am
hoping that one of the members can point me in the right direction on
something I have been unable to locate.
I am a system administrator on a large private WAN. I have also recently
been made 'security officer' ... great. I have installed Nmap, its
wonderful ... I am sure you all know this. I have installed Sentry to
monitor my ports and it is also a great product. My problem is this .... I
at least try to keep my system secure (Redhat 5.2), but with Nmaps help I
have discovered that the rest of the admins around here are as lame as they
come. I have been showing them the results of my scans and they havent a
clue. I suspect they are ripe for cracking. I have also installed Sniffit
and we also have a dedicated sniffer up. I need to be able to find out if
there are any other ether cards in promiscuous mode on our local net. The
admins of the other machines here wouldnt know if it they had been
assimilated by a Bourg Collective. I gotta have a way to discover
unauthorized sniffers installed on other equipment.
I have searched for several days at every site on my
hacker/cracker/underground bookmark list to no avail. Its such a needed
application I figure someone must have written one long ago.
Anyone know of a good tool/method/procedure for locating promiscuous NICs?
I appologize for using this wonderful mailing list for something other than
discussing Nmap ... forgive a poor frustrated lamer who is trying to
improve other peoples poor security habits (and learn a bit in the process).
Thanx
Bruce
_________________________________________________________________________
Bruce Dennison Phone: (850) 487-8672
Senior Systems Programmer SunCom: 277-8672
FIRN, Network Management FAX: (850) 922-1359
Florida Education Center, B1-14 dennis_b () popmail firn edu
325 W. Gaines St. FSU Campus mail code:1620
Tallahassee. FL 32399-0400
FIRN Network Maintenance Window: Daily 6:00AM - 7:30AM
To report network problems: 850.487.8657 or s/277.8657
Current thread:
- Promiscuous mode detection Bruce Dennison (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Andrew Brown (Mar 04)
- Re: Promiscuous mode detection Bennett Todd (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Dug Song (Mar 04)
- Re: Promiscuous mode detection rich (Mar 04)
- Re: Promiscuous mode detection Eric Estabrooks (Mar 04)
- Re: Promiscuous mode detection Adam Shostack (Mar 04)
- Re: Promiscuous mode detection Jordan Ritter (Mar 04)
- Re: Promiscuous mode detection Joel Eriksson (Mar 04)
- Re: Promiscuous mode detection Jeremy Johnson (Mar 04)
- Re: Promiscuous mode detection Arley Carter (Mar 04)