mailing list archives
Re: detecting sniffers is downright easy
From: holland () Telchar Jpl Nasa Gov (Ronald Holland)
Date: Wed, 10 May 1995 08:40:28 -0700 (PDT)
On Wed, 10 May 1995, Dr. Frederick B. Cohen wrote:
All current (2) programs can be detected by comparing the OS programs
with their original distribution versions using MD5 or a similar
cryptographic checksum technique. This has been widely published for
over 5 years.
Thus, not only is detection of all Unix-based real-world sniffers not
impossible or infeasible, it is downright easy and simple.
Correct me if I am wrong, but the sniffers we have seen here do not
modify any OS programs. The OS program may have been trojaned as a
separate attack to provide entry points, but the sniffer itself does not
modify anything (Other than putting /dev/nit into promiscuos mode on
Assuming that you are correct, all I have to do is get our 10,000
machines to run tripwire and the 400 part-time system administrators to
easy.... simple.... I don't think so, Fred...
Ron Holland holland () telchar jpl nasa gov
Communications, Computer & Network Services
JPL / NASA - Pasadena, CA
Visualize Whirled Peas... Ummmm.. Make that World Peace!