Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Detecting a sniffer
From: owens () xylan com (Mark Owens)
Date: Tue, 2 May 95 00:50:46 PDT

   >Of course you can detect a sniffer, but are you willing to pay the cost
   >of doing so? 
   You can't "detect a sniffer" from looking at the net; the only way you can
   try is to identify specific software indications of one being run on your
   machine. If it's run on a different machine, on one you can't check (perhaps
   on a palmtop someone has plugged into the net), then you can't detect it at
   all. Even if it's being run on your server, you can detect it if the author
   of the sniffer didn't know about, and defeat, the particular detection
   mechanism you use.

During my work in 'secure' installations, we used fiber media to prevent
the 'sniffing' of packets using inductive pickup. This kind of 'sniffer'
can't be detected easily - 'cept by seeing it (antennas and wires running
next to your cable, where they don't belong, is a give-away)

We also used OTDRs to look for splices in the fiber.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]