[66619] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (Donovan Hill)
Sat Jan 17 14:32:38 2004
From: Donovan Hill <lists@lazyeyez.net>
To: Scott McGrath <mcgrath@fas.harvard.edu>,
Sam Stickland <sam_ml@spacething.org>
Date: Sat, 17 Jan 2004 11:30:13 -0800
Cc: "Laurence F. Sheldon, Jr." <larrysheldon@cox.net>,
nanog@merit.edu, nanog-post@merit.edu
In-Reply-To: <Pine.LNX.4.58.0401171410200.30471@ls02.fas.harvard.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Saturday 17 January 2004 11:18 am, Scott McGrath wrote:
> It is also possible to sniff a network using only the RX pair so most of
> the tools to detect cards in P mode will fail. The new Cisco 6548's have
> TDR functionality so you could detect unauthorized connections by their
> physical characteristics.
>
> But there are also tools like ettercap which exploit weaknesses within
> switched networks. See http://ettercap.sourceforge.net/ for more details
> (and gain some add'l grey hairs in the process).
>
> The question here is what are you trying to defend against?.
>
>
Maybe this is just a stupid comment, but if the original poster is that
concerned with their LAN being sniffed, then maybe they should consider using
IPSec on their LAN.
--
Donovan Hill
Electronics Engineering Technologist, CCNA
www.lazyeyez.net, www.gwsn.com
