[1047] in bugtraq
Re: snooper watchers
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Feb 23 04:57:53 1995
Date: Thu, 23 Feb 1995 01:55:56 -0600 (CST)
From: Aleph One <aleph1@dfw.net>
To: Eric Conrad <econrad@bu.edu>
Cc: Ben Taylor <bent@snm.com>, bugtraq@fc.net
In-Reply-To: <Pine.SUN.3.91.950222164453.4196L-100000@it>
Here are a few I found:
http://underground.org/tools/unix/audit/cpm/cpm.1.0.tgz
http://underground.org/tools/unix/audit/ifstatus/ifstatus.tgz
Don't know if they will work on Solaris 2.x though.
On Wed, 22 Feb 1995, Eric Conrad wrote:
> The first thing many crackers do is replace ifconfig with a trojan that
> won't report when an interface is in promiscuous mode.
>
> You could look at 'cpm', which will also show when an interface is
> promiscuous. It's available from ftp.cert.org. You're still in the same
> boat if someone replaces it with their own, however.
>
> ...Eric
>
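
Added example, not part of the original messages and not cpm's source: a small C check for the promiscuous flag discussed above, reading interface flags from the kernel with the SIOCGIFFLAGS ioctl instead of parsing ifconfig output. It assumes a Linux/glibc system; the function names (`flags_promisc`, `iface_promisc`, `scan_all`) are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose struct ifreq and IFF_* under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Pure check on a flags word as returned by SIOCGIFFLAGS. */
int flags_promisc(int flags) { return (flags & IFF_PROMISC) ? 1 : 0; }

/* Ask the kernel for one interface's flags, bypassing ifconfig entirely.
 * Returns 1 if promiscuous, 0 if not, -1 on error (bad name, no such device). */
int iface_promisc(const char *name)
{
    struct ifreq ifr;
    int fd, rc;
    if (name == NULL || strlen(name) >= IFNAMSIZ)
        return -1;
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    rc = ioctl(fd, SIOCGIFFLAGS, &ifr);
    close(fd);
    return rc < 0 ? -1 : flags_promisc(ifr.ifr_flags);
}

/* Walk every interface; return how many are promiscuous, or -1 on failure. */
int scan_all(void)
{
    struct if_nameindex *list = if_nameindex(), *p;
    int st, found = 0;
    if (list == NULL)
        return -1;
    for (p = list; p->if_index != 0; p++) {
        st = iface_promisc(p->if_name);
        printf("%-16s %s\n", p->if_name,
               st == 1 ? "PROMISC" : st == 0 ? "normal" : "error");
        found += (st == 1);
    }
    if_freenameindex(list);
    return found;
}

int main(void) { return scan_all() > 0 ? 1 : 0; }
```

The limitation Eric raises applies here too: the result is only as trustworthy as the copy of the binary you run. On Linux the kernel also keeps a separate promiscuity count (shown by `ip -d link`) for sniffers that enable promiscuous mode through a packet socket, which this flag does not reflect.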