-jb
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Simon
Richter
Sent: Friday, March 12, 2004 7:31 AM
To: 'Full Disclosure'
Subject: Re: [Full-Disclosure] Caching a sniffer
Hi,
I wonder whether it would be feasible to build network cards that could
re
Hi,
I wonder whether it would be feasible to build network cards that could
report the signal reflection characteristics of the link to make it
possible to detect sniffing equipment cut into a network cable (should
catch magnetic coupling as well).
I bet some security conscious folks will pay lot
http://www.robertgraham.com/pubs/sniffing-faq.html
Go to section 2.5
On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> How can I know if there is a sniffer running in my network?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.4 (GNU/Linux)
On Thu, 2004-03-11 at 10:43, Mike Fratto wrote:
> You're assuming that the attacker 1) has control of the switch and 2) is
> sniffing either the uplink or has configured the switch to mirror all the
> switch ports or VLAN to the mirror port.
>
> Neither of which may be the case.
There are many pe
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Kenton Smith
> Sent: Thursday, March 11, 2004 11:50 AM
> To: [EMAIL PROTECTED]
> Cc: Full Disclosure; [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Caching a sniffer
> How can I know if there is a sniffer running in my network?
There was a long thread on this subject in February on focus-ids:
http://seclists.org/lists/focus-ids/2004/Feb/0028.html
One link to an interesting paper posted there:
http://www.securityfriday.com/promiscuous_detection_01.pdf
There
I skimmed through some of the articles and they all have some good
information. Are you running a switched network? If you are then the
easiest way is to look at your traffic stats and find the port that
*all* traffic is going to.
If this doesn't make sense to you, then you should do some more rese
You can't hijack a switched environment with *only* the dsniff tools,
though. Arpspoof is very nifty for 'lying' to the wire and telling it
you are who you say you are. But if you're not *supposed* to be getting
all the network's packets *and* you arpspoof the gateway's IP with your
MAC address, yo
http://www.securiteam.com/tools/5HP011F40E.html
-Original Message-
From: Simon Richter [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 8:02 AM
To: Patricio Bruna V.
Cc: Full Disclosure
Subject: Re: [Full-Disclosure] Caching a sniffer
Hi,
> How can i know if there a snif
Hi,
> How can I know if there is a sniffer running in my network?
In the Good Old Days(tm), at LAN parties, we used to send out garbled
packets (that would make Windows' IP stack crash) to a nonexistent
hardware address, then looked who got a bluescreen. Of course, this
makes sense only in unswitche
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:full-disclosure-
> [EMAIL PROTECTED] On Behalf Of Ian Latter
> Sent: Thursday, March 11, 2004 10:57 AM
> To: Gary E. Miller
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] Caching a sniffer
>
>
>
> Whi
iddle" sniffing (look at ettercap)
EF
>- Original Message -
>From: "David Vincent" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, March 11, 2004 6:51 AM
>Subject: RE: [Full-Disclosure] Caching a sniffer
>
> Ho
On Thu, 11 Mar 2004, Motiwala, Yusuf wrote:
> TDR will not work if someone is running Sniffer on an existing network port.
No, it won't; that's the point. You are supposed to account for all those
cables leading out of the patch panel, but given that most humans are
generally more than a few inches wi
e List
> Subject: Re: [Full-Disclosure] Caching a sniffer
>
> On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
>
> > How can I know if there is a sniffer running in my network?
>
> When you wake up one day to find that you're 0wn3d :-)
>
> Seriously, about the only way
> > How can I know if there is a sniffer running in my network?
>
> When you wake up one day to find that you're 0wn3d :-)
>
> Seriously, about the only way I can think of to detect a sniffer with
> its transmit leads cut is with a Time Domain Reflectometer (TDR) and
> look for an unexplained impeda
; From: [EMAIL PROTECTED] [mailto:full-disclosure-
> [EMAIL PROTECTED] On Behalf Of Ian Latter
> Sent: Thursday, March 11, 2004 10:57 AM
> To: Gary E. Miller
> Cc: Full Disclosure
> Subject: Re: [Full-Disclosure] Caching a sniffer
>
>
>
> While there's no way to
..
Lan Guy
- Original Message -
From: "David Vincent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 6:51 AM
Subject: RE: [Full-Disclosure] Caching a sniffer
How can I know if there is a sniffer running in my network?
if you're lucky, they
> > While there's no way to be sure-sure ... you can get into your
> > local LAN segment and send ICMP(/whatever) requests to the
> > correct L3 address with the wrong L2 address and see if you
> > get a response; this will show you if hosts/devices are listening
> > promiscuously (which makes for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ian Latter wrote:
> While there's no way to be sure-sure ... you can get into your
> local LAN segment and send ICMP(/whatever) requests to the
> correct L3 address with the wrong L2 address and see if you
> get a response; this will show you if hosts
> How can I know if there is a sniffer running in my network?
If you're lucky, they are stupid and are using Microsoft's Network Monitor.
Tools --> Identify Network Monitor Users
http://www.comptechdoc.org/os/windows/ntserverguide/ntsnetmon.html
-
http://www.microsoft.com/windows2000/techinf
rting point).
- Original Message -
>From: "Gary E. Miller" <[EMAIL PROTECTED]>
>To: "Patricio Bruna V." <[EMAIL PROTECTED]>
>Subject: Re: [Full-Disclosure] Caching a sniffer
>Date: Wed, 10 Mar 2004 18:51:07 -0800
>
> -BEGIN PGP SIG
On Mar 10, 2004, at 13:13, Patricio Bruna V. wrote:
How can I know if there is a sniffer running in my network?
You might catch someone sloppy with tricks like DNS resolution (send
data with a hostname / IP and see who resolves it) or bugs in the way
the sniffing host handles things like ARP resolut
On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
> How can I know if there is a sniffer running in my network?
When you wake up one day to find that you're 0wn3d :-)
Seriously, about the only way I can think of to detect a sniffer with
its transmit leads cut is with a Time Domain Reflectometer (TDR) a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Patricio!
On Wed, 10 Mar 2004, Patricio Bruna V. wrote:
> How can I know if there is a sniffer running in my network?
If the hacker has had physical access to your network, even for just a
few minutes, then there are many ways he can install a sniff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How can I know if there is a sniffer running in my network?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAT4UNT29IM+6ptNcRAoKlAJ9Kbk2yH4MKrQRNaz6OVM2Jai8/+QCgoUnx
IXCJDuMJxTU9r/E5AhjW1fc=
=LiUx
-END PGP SIGNATURE-