Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Caching a sniffer
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 11 Mar 2004 15:26:55 +1000



While there's no way to be sure-sure ... you can get into your
local LAN segment and send ICMP(/whatever) requests to the
correct L3 address with the wrong L2 address and see if you
get a response; this will show you if hosts/devices are listening 
promiscuously (which makes for a good starting point).




----- Original Message -----
From: "Gary E. Miller" <gem () rellim com>
To: "Patricio Bruna V." <pbruna () masev cl>
Subject:  Re: [Full-disclosure] Caching a sniffer
Date: Wed, 10 Mar 2004 18:51:07 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Patricio!

On Wed, 10 Mar 2004, Patricio Bruna V. wrote:

How can i know if there a sniffer running in my network?

If the hacker has had physical access to your network, even for just a
few minutes, then there are many ways he can install a sniffer you can
never find short of tearing everything apart.

If you care about your data, you better encrypt end to end.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
      gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAT9Qe8KZibdeR3qURAhDPAKCuNz7q8joqyij/T1AHy0DHBF00HgCfTl0i
W5eaIQIRi3Zx+B87I3nZKZ0=
=p/BH
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]