Intrusion Detection Systems mailing list archives

Re: RE: detecting a sniffer remotely

From: mlists () gizmo kyrnet kg (CyberPsychotic)
Date: Sat, 16 Oct 1999 10:54:54 +0500 (KGT)



~ 
~ I grabbed the L0pht's AntiSniff for UNIX and it worked reasonably well.  Of
~ course, that was against a slow box, so the PING variance test worked like
~ a charm.
~ 

well, L0pht's AntiSniff won't work on switched networks, since switches
memorize mac addresses of the devices connected to each ports and would
drop maliformed frames. But neither sniffing would work in such
envinroment. (just to make sure you haven't missed this detail ;-))

Current thread:

Re: detecting a sniffer remotely seregon (Oct 01)
- <Possible follow-ups>
- RE: detecting a sniffer remotely Hunt, Charles (Oct 14)
  - Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 14)
    - Re: detecting a sniffer remotely laurent van-cauwelaert (Oct 14)
    - Re: detecting a sniffer remotely Trevor Schroeder (Oct 14)
    - Re: RE: detecting a sniffer remotely CyberPsychotic (Oct 15)
    - Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 15)
    - Re: RE: detecting a sniffer remotely Trevor Schroeder (Oct 16)
  - Re: RE: detecting a sniffer remotely CyberPsychotic (Oct 15)
    - Re: RE: detecting a sniffer remotely laurent van-cauwelaert (Oct 16)
- Re: RE: detecting a sniffer remotely Robert Graham (Oct 14)
- Re: RE: detecting a sniffer remotely Robert Graham (Oct 16)