Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Re[2]: sniffers
From: fc () all net (Dr. Frederick B. Cohen)
Date: Thu, 4 May 1995 03:54:49 -0400 (EDT)

Dan says:
Nayfield, Rod wrote:

| Right.  There is no way.  one of smb's papers (and the book) mention using a 
| sniffer with transmit leads cut.  
| The best protection would be to use switches instead of hubs... even  a 
| multi-port bridge for thinnet is a good idea when you use it to seperate 
| workgroups.
Right, no way to detect a sniffer with no transmit lead. But many
funny way to kill it. All you need is 2 machines faster than the
potential sniffer.

I strongly disagree - any sniffing technology can be detected - but the
cost may be too high to be of practical utility for many situations. 
SMB's comments refer strictly to observations of network traffic, and
not to all possible means of detection. 

\Management  /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
 \        /\/   | Check out info-security heaven and test your system
  \/\  /\/      | for known vulnerabilities (1st time for free) at URL:
     \/Analytics| (scans deeper than SATAN or ISS)  http://all.net:8080
   Read "Protection and Security on the Information Superhighway"
   John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]