[66620] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (Donovan Hill)
Sat Jan 17 14:37:01 2004
From: Donovan Hill <lists@lazyeyez.net>
To: nanog@merit.edu
Date: Sat, 17 Jan 2004 11:33:02 -0800
In-Reply-To: <Pine.LNX.4.58.0401171410200.30471@ls02.fas.harvard.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Saturday 17 January 2004 11:18 am, Scott McGrath wrote:
> It is also possible to sniff a network using only the RX pair so most of
> the tools to detect cards in P mode will fail. The new Cisco 6548's have
> TDR functionality so you could detect unauthorized connections by their
> physical characteristics.
>
> But there are also tools like ettercap which exploit weaknesses within
> switched networks. See http://ettercap.sourceforge.net/ for more details
> (and gain some add'l grey hairs in the process).
>
> The question here is what are you trying to defend against?.
>
>
Maybe this is just a stupid comment, but if the original poster is that
concerned with their LAN being sniffed, then maybe they should consider using
IPSec on their LAN.
--
Donovan Hill
Electronics Engineering Technologist, CCNA
www.lazyeyez.net, www.gwsn.com
