Intrusion Detection Systems mailing list archives
Re: detecting a sniffer remotely
From: Laurent.Van-Cauwelaert () epita fr (laurent van-cauwelaert)
Date: Thu, 14 Oct 1999 15:05:41 +0000 (GMT)
I grabbed the L0pht's AntiSniff for UNIX and it worked reasonably well. Of course, that was against a slow box, so the PING variance test worked like a charm.
What was the OS on the machine running the sniffer?
- The latest version of the Linux kernel seems to have a good implementation
of TCP/IP; I mean the kernel only responds to what it should (for
example, a forged packet with the ip_addr of the machine running the
sniffer but without the correct mac_addr won't get any response).
Does the sniffer resolve the address? (Because if it does,
it's really easy to detect.)
van-ca_l () epita fr
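The wrong-MAC probe mentioned in the message above, modelled offline as an added example (not part of the original post and not AntiSniff's code). The addresses, function names and the `strict_ip` flag are constructed for illustration; `strict_ip` is an assumption standing in for a stack that, as the poster describes, ignores frames not addressed to its own MAC.

```python
import socket
import struct

HOST, BROADCAST, MULTICAST, OTHERHOST = "host", "broadcast", "multicast", "otherhost"

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_probe(dst_mac, dst_ip):
    """Ethernet + IPv4 + ICMP echo request header (constructed sample, checksums left zero)."""
    eth = dst_mac + mac("02:00:00:00:00:01") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    return eth + ip + b"\x08\x00" + bytes(6)

def classify(frame, nic_mac):
    """Label the frame by its destination MAC, as a driver does on receive."""
    dst = frame[:6]
    if dst == b"\xff" * 6:
        return BROADCAST
    if dst[0] & 1:  # group bit set
        return MULTICAST
    return HOST if dst == nic_mac else OTHERHOST

def replies(frame, nic_mac, nic_ip, promiscuous, strict_ip):
    """True if the modelled host would answer the probe."""
    kind = classify(frame, nic_mac)
    # Hardware filter: a non-promiscuous NIC never passes other hosts' unicast frames up.
    if kind == OTHERHOST and not promiscuous:
        return False
    # Strict stack: the IP layer drops frames that were addressed to another host's MAC.
    if kind == OTHERHOST and strict_ip:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    dst_ip = socket.inet_ntoa(frame[30:34])  # IPv4 destination field
    return ethertype == 0x0800 and dst_ip == nic_ip

def sniffer_suspected(target_mac, target_ip, promiscuous, strict_ip):
    """Probe with the right IP but a wrong unicast MAC; a reply implies promiscuous mode."""
    bogus = mac("02:de:ad:be:ef:00")  # constructed MAC that matches no host
    probe = build_probe(bogus, target_ip)
    return replies(probe, target_mac, target_ip, promiscuous, strict_ip)

if __name__ == "__main__":
    target = mac("02:00:00:00:00:aa")
    for promisc in (False, True):
        for strict in (False, True):
            print(promisc, strict, sniffer_suspected(target, "192.0.2.20", promisc, strict))
```

Only the promiscuous, non-strict host answers, so a silent target does not prove that no sniffer is running.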
