Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Promiscuous mode detection

Promiscuous mode detection

From: Bruce Dennison <dennis_b_at_popmail.firn.edu>
Date: Thu, 04 Mar 1999 09:37:46 -0500

Greetings,

I dont mean to change the subject or appear too terribly lame, but I am
hoping that one of the members can point me in the right direction on
something I have been unable to locate.

I am a system administrator on a large private WAN. I have also recently
been made 'security officer' ... great. I have installed Nmap, its
wonderful ... I am sure you all know this. I have installed Sentry to
monitor my ports and it is also a great product. My problem is this .... I
at least try to keep my system secure (Redhat 5.2), but with Nmaps help I
have discovered that the rest of the admins around here are as lame as they
come. I have been showing them the results of my scans and they havent a
clue. I suspect they are ripe for cracking. I have also installed Sniffit
and we also have a dedicated sniffer up. I need to be able to find out if
there are any other ether cards in promiscuous mode on our local net. The
admins of the other machines here wouldnt know if it they had been
assimilated by a Bourg Collective. I gotta have a way to discover
unauthorized sniffers installed on other equipment.

I have searched for several days at every site on my
hacker/cracker/underground bookmark list to no avail. Its such a needed
application I figure someone must have written one long ago.

Anyone know of a good tool/method/procedure for locating promiscuous NICs?

I appologize for using this wonderful mailing list for something other than
discussing Nmap ... forgive a poor frustrated lamer who is trying to
improve other peoples poor security habits (and learn a bit in the process).

Thanx

Bruce
_________________________________________________________________________

Bruce Dennison Phone: (850) 487-8672
Senior Systems Programmer SunCom: 277-8672
FIRN, Network Management FAX: (850) 922-1359
Florida Education Center, B1-14 dennis_b_at_popmail.firn.edu
325 W. Gaines St. FSU Campus mail code:1620
Tallahassee. FL 32399-0400

        FIRN Network Maintenance Window: Daily 6:00AM - 7:30AM
        To report network problems: 850.487.8657 or s/277.8657
Received on Mar 04 1999

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos