Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Detecting a sniffer
From: fc () all net (Dr. Frederick B. Cohen)
Date: Tue, 2 May 1995 06:43:30 -0400 (EDT)

Of course you can detect a sniffer, but are you willing to pay the cost
of doing so? 

You can't "detect a sniffer" from looking at the net; the only way you can
try is to identify specific software indications of one being run on your
machine. If it's run on a different machine, on one you can't check (perhaps
on a palmtop someone has plugged into the net), then you can't detect it at
all. Even if it's being run on your server, you can detect it if the author
of the sniffer didn't know about, and defeat, the particular detection
mechanism you use.

Incorrect - you can detect a sniffer - but it's not cheap.

\Management  /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
 \        /\/   | Check out info-security heaven and test your system
  \/\  /\/      | for known vulnerabilities (1st time for free) at URL:
     \/Analytics| (scans deeper than SATAN or ISS)  http://all.net:8080
   Read "Protection and Security on the Information Superhighway"
   John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]