[1656] in bugtraq
Re: Detecting a sniffer
daemon@ATHENA.MIT.EDU (Craig Metz)
Mon May 1 16:13:23 1995
To: fc@all.net (Dr. Frederick B. Cohen)
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Mon, 01 May 1995 06:16:06 EDT."
<9505011016.AA02670@all.net>
Date: Sun, 30 Apr 1995 12:30:45 -0400
From: Craig Metz <cmetz@inner.net>
>Of course you can detect a sniffer, but are you willing to pay the cost
>of doing so?
More importantly, have you managed your security risks taking into
account the possibility of being sniffed?
Fixing holes is one thing. In some environments, this is a reasonable
security solution (An example is many academic environments where there really
isn't much in the way of sensitive data). In others, where data processed
on computer equipment on a network is more sensitive (like trade secrets), if
you didn't design strong authentication and encryption into your total security
solution (thus making sniffers not really a threat), it's your own fault if
a sniffer on your network intercepts data.
-Craig
