[1636] in bugtraq
Re: sniffers
daemon@ATHENA.MIT.EDU (Jonathan M. Bresler)
Sun Apr 30 02:08:10 1995
Date: Sat, 29 Apr 1995 23:29:52 -0400 (EDT)
From: "Jonathan M. Bresler" <jmb@kryten.Atinc.COM>
To: Theodore Alexopoulos <root@ee.duth.gr>
Cc: bugtraq@fc.net
In-Reply-To: <Pine.HPP.3.91.950429150525.1600B-100000@platon.ee.duth.gr>
On Sat, 29 Apr 1995, Theodore Alexopoulos wrote:
> Is there any way to find out if a sniffer is on the net?
> Just this
no. absolutely none (per SANS'95 conference)
a sniffer can have its transmit lead cut and still function.
this configuration is described in one of the common security
papers--TAMU's tiger paper perhaps, i dont remember. with the transmit
lead cut, you cant detect.
now a good capture digital ocilloscope and a one shot pulse
generator may allow you to see the reflections at each tap (imperfect
impedence matching of coax and taps procudce reflections) the time from
pulse to reflection is twice the travel time to the tap. a TDR (time
domain reflectometer) does this. but the signal will be very weak. no
standard network administrator equipment ;(
jmb
Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc.
| 2341 Jeff Davis Hwy
play go. | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346
