>
> One thing that you could do is use a tool that would send an ICMP
> packet to all possible addresses in your particular network.  That
> won't detect all connecting hosts, in particular if someone jacks in
> to sniff only, but that assumes that your network is hub based.  If
> your network is switch based then people will have a hard time
> logging in and sniffing without being detected as they'd normally
> have to ARP poison the switch or do something else that would be
> detectable.
>
>
> So... the simple 99% answer is, ping all possible IP addresses once,
> if you get a response from an address that's not supposed to be
> there... well... then you'll know.
>
> Also, if you use DHCP then you could watch the DHCP log for new
> systems... that's not super difficult either.

Well, being a newbie, this forces me to ask:
If this imaginary attacker raises a firewall with a simple ruleset like (not
exact iptables syntax):

input --protocol any  -j ACCEPT
output --protocol any -j DROP

and to be paranoid add this:

input --protocol icmp -j DROP

In iptables, if I am correct, the target DROP causes the packet to be silently
dropped. Then this would remedy the ICMP approach, correct?




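The DHCP-log check suggested in the quoted message does not depend on a host answering ping, so it is sketched here as an added example that is not part of the original thread. It assumes ISC dhcpd-style syslog lines; the MAC inventory, addresses, hostnames and log lines are constructed for illustration.

```python
import re

# Assumed log source: ISC dhcpd syslog lines for a granted lease, of the form
#   DHCPACK on <ip> to <mac> (<hostname>) via <interface>
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

def unknown_leases(log_lines, known_macs):
    """Return one record per MAC that was granted a lease but is not in the inventory."""
    known = {m.lower() for m in known_macs}   # MAC case differs between tools
    seen = {}
    for line in log_lines:
        m = ACK_RE.search(line)
        if not m:
            continue                          # DISCOVER/REQUEST/other lines
        mac = m.group("mac").lower()
        if mac in known:
            continue
        rec = seen.setdefault(
            mac, {"mac": mac, "ips": [], "host": m.group("host"), "count": 0})
        if m.group("ip") not in rec["ips"]:
            rec["ips"].append(m.group("ip"))
        rec["count"] += 1                     # renewals of the same lease add up
    return list(seen.values())

# Constructed inventory and log sample (hypothetical hosts and addresses).
KNOWN_MACS = {"00:16:3E:AA:BB:01", "00:16:3e:aa:bb:02"}
SAMPLE_LOG = """\
Mar  3 09:14:02 gw dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth1
Mar  3 09:14:03 gw dhcpd: DHCPACK on 192.168.1.10 to 00:16:3e:aa:bb:01 (ws-01) via eth1
Mar  3 09:20:41 gw dhcpd: DHCPACK on 192.168.1.11 to 00:16:3e:aa:bb:02 via eth1
Mar  3 11:02:17 gw dhcpd: DHCPREQUEST for 192.168.1.57 from 02:00:5e:10:00:99 (laptop) via eth1
Mar  3 11:02:17 gw dhcpd: DHCPACK on 192.168.1.57 to 02:00:5e:10:00:99 (laptop) via eth1
Mar  3 15:02:17 gw dhcpd: DHCPACK on 192.168.1.57 to 02:00:5E:10:00:99 (laptop) via eth1
""".splitlines()

if __name__ == "__main__":
    for rec in unknown_leases(SAMPLE_LOG, KNOWN_MACS):
        print(f"unknown host {rec['mac']} ({rec['host']}) "
              f"leased {rec['ips']} x{rec['count']}")
```

This only covers hosts that actually request a lease from the DHCP server whose log is being read.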