[653] in Intrusion Detection Systems
Re: Sniffer Detection
daemon@ATHENA.MIT.EDU (Steve Neruda)
Sun Mar 3 11:08:42 1996
Date: Thu, 29 Feb 1996 10:38:16 -0500
From: Steve Neruda <neruda@nationwide.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Arve Kjoelen wrote:
>
> > >>What about sniffing inside a firewall. Is there any way yet of possibly d
etecting a
> sniffer?
> >
> > I participated in a study of this sometime back. Summary, not very likely.
> <snip>
>
> Unless, of course, the network admin has access to all machines within the
> firewall and (s)he can get the NIC to report that it is in promiscuous
> mode.
>
And the intruder hasn't been slick enough to modify ifconfig not to report
that the interface is in promiscuous mode.
SteveN
...simpler living through complexity...
