[66677] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (haesu@towardex.com)
Tue Jan 20 14:18:41 2004
Date: Tue, 20 Jan 2004 13:59:07 -0500
From: haesu@towardex.com
To: Alexei Roudnev <alex@relcom.net>
Cc: nanog@merit.edu, Paul Vixie <vixie@vix.com>
In-Reply-To: <04cf01c3df18$68deb1e0$6401a8c0@alexh>
Errors-To: owner-nanog-outgoing@merit.edu
> PS. Sniffer... there are not any way to detect sniffer in the non-switched
> network, and there is not much use for sniffer in switched network, if this
> network is configured properly and is watched for the unusial events.
depends on brand and model of switch
$ portinstall dsniff
$ man macof
-J (and yes, the thread topic is about ways for _watching_ "the unusual events" aka sniffing)
>
> >
> > > The real smart ones - professionals - won't attack unless there's a
> chance
> > > of a serious payback. This excludes most businesses, and makes anything
> > > but a well-known script-based attack a very remote possibility.
> >
> > that's just not so. ask me about it in person and i might tell you
> stories.
> >
> > > For most other people a trivial packet-filtering firewall, lack of
> > > Windoze, and a switch instead of a hub will do just fine.
> >
> > this part, i agree with.
> > --
> > Paul Vixie
--
James Jun (formerly Haesu)
TowardEX Technologies, Inc.
1740 Massachusetts Ave.
Boxborough, MA 01719
Consulting, IPv4 & IPv6 colocation, web hosting, network design & implementation
http://www.towardex.com | james@towardex.com
Cell: (978)394-2867 | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033 | AIM: GigabitEthernet0
NOC: http://www.twdx.net | POC: HAESU-ARIN, HDJ1-6BONE
