Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Caching a sniffer
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 11 Mar 2004 15:26:55 +1000

While there's no way to be sure-sure ... you can get into your
local LAN segment and send ICMP(/whatever) requests to the
correct L3 address with the wrong L2 address and see if you
get a response; this will show you if hosts/devices are listening 
promiscuously (which makes for a good starting point).

----- Original Message -----
From: "Gary E. Miller" <gem () rellim com>
To: "Patricio Bruna V." <pbruna () masev cl>
Subject:  Re: [Full-disclosure] Caching a sniffer
Date: Wed, 10 Mar 2004 18:51:07 -0800

Hash: SHA1

Yo Patricio!

On Wed, 10 Mar 2004, Patricio Bruna V. wrote:

How can i know if there a sniffer running in my network?

If the hacker has had physical access to your network, even for just a
few minutes, then there are many ways he can install a sniffer you can
never find short of tearing everything apart.

If you care about your data, you better encrypt end to end.

- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
      gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

Version: GnuPG v1.2.3 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Ian Latter
Internet and Networking Security Officer
Macquarie University

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]