Re: Survey on intrusion assessment

["S. Khemmanivanh" <somckit () u washington edu>]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
Newbie question:

I was using Antisniff and was wondering is it possible for NT root kits
to hide sniffers on NT 4.0? How would I go about verifying a sniffer is
running on an NT 4.0 machine (without having to take it down ) which has
been root kitt`ed?

Thanks!

Oh, any URLs or whitepapers links would be appreciated.