Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Promiscuous mode detection
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Thu, 14 Sep 2000 17:03:36 -0500

I've personally used AntiSniff (on NT and OpenBSD) and it works very well
if you're in a position to sniff THEIR connection, too... if you're on a
switch or a different segment, it becomes much harder.

I'd recommend picking up a copy of "Hack Proofing Your Network" (or
borrowing a copy) and read chapter 9... Heck, go to Borders and Read
chapter 9 while you sit there... it's not a long chapter, but it has
all sorts of good info on sniffers and their detection... I'll mention
a few here:

Contacting a bizarre host, and sniffing for another machine to DNS-lookup
        that host

Checking for latency (ping time).  compare it's current latency to it's
latency from a known clean state from the same network location (usually
on same segment, or errors are just too frequent)

I could easily recommend:
neped.c
AntiSniff

And some reading...


-----Original Message-----
From: Stefan Suurmeijer [mailto:stefan () SYMBOLICA NL]
Sent: Thursday, September 14, 2000 3:54 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Promiscuous mode detection


Hi,

I was wondering if people on this list can point me to some good software
for detecting NIC's in promiscuous mode. Someone mentioned sentinel in
connection with the email sniffing thread. I found this at
http://www.subterrain.net/projects/sentinel/ but I don't know if this is
any good. Has anyone had good experiences with either this or
another package?

Thanks,

Stefan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]