On Thu, 2002-12-19 at 12:25, Jose Avila III wrote: > Now i know there are hardware devices that you can plug into that will allow > you not to be detected. What these maily doo is remove the 2 TX wires in > the CAT5 cable from the solution... These are looped back as to not cause a > hardware conflict... The Sniffer is now incapeable of transmitting and is > hence undetectible. Correct me if i am wrong but that is what i have been > come to believe so far > The general technique for detecting promiscuous cards is to send some traffic that no machines on the network would normally see, that tricks them into responding, then you know that any machine that responds to it is likely seeing all the network traffic, instead of just it's own. Using receive-only hardware prevents the response from going out if the trick is successful, but there are also a lot of operating systems that are not easily tricked to begin with, and won't respond even without special hardware.
> --Jose > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, December 18, 2002 11:03 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: A Solution for sniffing > > > There ARE ways to detect sniffing, but not necessarily completely reliable. > Sniffing places the network device into promiscous (SP?) mode. The old > l0pht > had a antisniff which @Stake still offers. Other tools may exist as well > which detect sniffing. > > On Tue, 17 Dec 2002 12:19:23 -0500 [EMAIL PROTECTED] wrote: > > > As sniffing is a passive act, there is no way > > that you can detect the act itself, unless you > > have access to the machine that's doing the > > possible sniffing itself. > > > > Perhaps one of the simplest ways to ensure > > sniffing is made much more difficult at the > > least is by switching from a hub type network > > to a switched network. In a switched > > environment, other users cannot see each others > > network streams, thus providing a layer of > > protection. > > > > Of course, like all techniques, this can be > > gotten around by various additional techniques, > > but it does make life more difficult to would > > be sniffers. (ie: user installs a hub via an > > uplink port to switched segment, and connects > > target's system and a sniffing machine to the > > hub.) > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, December 17, 2002 5:41 AM > > To: [EMAIL PROTECTED] > > Subject: A Solution for sniffing > > > > > > > > Hello Folks, > > I think i am being sniffed by somone on my > > network, and i was wondering. is > > there an application to check wether i am being > > sniffed or not, and if i > > was, how can i fix that ?(like PGP for mail, > > what about other protocols) > > > > P.S. : Running Linux Slackware 8.1 (if that > > would help) > > > > cheers, > > Fadi R. Khouja > > -- Jason Kohles [EMAIL PROTECTED] Senior Engineer Red Hat Professional Consulting
