Intrusion Detection Systems mailing list archives
Re: RE: detecting a sniffer remotely
From: tschroed () acm org (Trevor Schroeder)
Date: Sat, 16 Oct 1999 00:59:01 -0500 (CDT)
On Sat, 16 Oct 1999, CyberPsychotic wrote:
drop maliformed frames. But neither sniffing would work in such envinroment. (just to make sure you haven't missed this detail ;-))
Be careful about this statement, it's not true. Passive sniffing doesn't work, but ARP-based redirection attacks do. See a thread about this on the Cisco 675 a while back. The old "you can't sniff a switched network" is a load of crap. Most switched networks are just as vulnerable to sniffing as shared media networks. .......................................................................... : "I knew it was going to cost me my head and also my swivel chair, but : : I thought: What the hell--better men than I have risked their heads : : and their swivel chairs for truth and justice." -- James P. Cannon : :........... http://www.zweknu.org/ for PGP key and more ................:
Current thread:
- Re: detecting a sniffer remotely seregon (Oct 01)
- <Possible follow-ups>
- RE: detecting a sniffer remotely Hunt, Charles (Oct 14)
- Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 14)
- Re: detecting a sniffer remotely laurent van-cauwelaert (Oct 14)
- Re: detecting a sniffer remotely Trevor Schroeder (Oct 14)
- Re: RE: detecting a sniffer remotely CyberPsychotic (Oct 15)
- Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 15)
- Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 16)
- Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 14)
- Re: RE: detecting a sniffer remotely laurent van-cauwelaert (Oct 16)