[11165] in bugtraq
Re: (How) Does AntiSniff do what is claimed?
daemon@ATHENA.MIT.EDU (Trevor Schroeder)
Wed Jul 28 06:20:03 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <199907271135.GAA22326@duckdog.zweknu.org>
Date: Tue, 27 Jul 1999 06:35:34 -0500
Reply-To: Trevor Schroeder <tschroed@ACM.ORG>
From: Trevor Schroeder <tschroed@ACM.ORG>
X-To: Jon Marler <jmarler@ISTRENGTH.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990725155422.I4792@istrength.net>
On Sun, 25 Jul 1999, Jon Marler wrote:
> All you would need to do to prevent detection is cut the send pair on your
> Ethernet connection. That would make it completely passive. You could
> even do it as simple as a cable with only 1 pair.
That's what I thought initially. As someone was kind enough to point out,
the Tx is also carrying your linkbeat. Without it, the hub's not going to
be sending you traffic. That's why I had to go with AUI, you have the
opportunity to cut the data while leaving the control signals intact.
..........................................................................
: "I knew it was going to cost me my head and also my swivel chair, but :
: I thought: What the hell-better men than I have risked their heads and :
: their swivel chairs for truth and justice." -- James P. Cannon, 1959 :
:........... http://www.zweknu.org/ for PGP key and more ................:
