[639] in Intrusion Detection Systems
Re: Question. (Was re:hacker's intro)
daemon@ATHENA.MIT.EDU (Doug Hughes)
Sun Feb 25 19:47:20 1996
Date: Sat, 24 Feb 1996 17:55:31 -0600 (CST)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: ids@uow.edu.au
In-Reply-To: <199602222033.PAA10888@r2d2.teir.com>
Reply-To: ids@uow.edu.au
On Thu, 22 Feb 1996, Chris Steel wrote:
>
> I agree that the noise level is a little high. I joined the list to learn
> more about IDS and security (I have installed crack and COPS but don't
> consider myself a security expert yet). What about sniffing inside a
> firewall? Is there any way yet of possibly detecting a sniffer?
>
> -Chris
It depends on what kind of sniffer you are trying to detect. If it's a
sniffer on an interface of a workstation running in promiscuous mode,
then it may be possible to detect it depending on your Operating System.
There are some programs floating about (one at coast archive) to detect
an interface in promiscuous mode for certain architectures and OS releases.
If you're talking about an actual wire tap sniffer on premises, it is
nearly impossible to detect one unless you go around inspecting your
entire physical plant. They are usually completely passive devices, and
if the person is smart, will have the transmit leads cut altogether.
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug@eng.auburn.edu
Pro is to Con as progress is to congress