From: rnayfield () mail iconnet com (Nayfield, Rod)
Date: Sun, 30 Apr 95 14:52:35 EST
Right. There is no way. One of smb's papers (and the book) mention using a
sniffer with transmit leads cut.
The best protection would be to use switches instead of hubs... even a
multi-port bridge for thinnet is a good idea when you use it to separate
______________________________ Reply Separator _________________________________
Subject: Re: sniffers
Author: "Jonathan M. Bresler" <jmb () kryten Atinc COM> at Internet
Date: 4/30/95 7:02 AM
Is there any way to find out if a sniffer is on the net?
no. absolutely none (per SANS'95 conference)
a sniffer can have its transmit lead cut and still function.
this configuration is described in one of the common security
papers--TAMU's tiger paper perhaps, i don't remember. with the transmit
lead cut, you can't detect.
now a good capture digital oscilloscope and a one shot pulse
generator may allow you to see the reflections at each tap (imperfect
impedance matching of coax and taps produce reflections). the time from
pulse to reflection is twice the travel time to the tap. a TDR (time
domain reflectometer) does this. but the signal will be very weak. no
standard network administrator equipment ;(