[1691] in bugtraq


Re: Detecting a sniffer

daemon@ATHENA.MIT.EDU (Dr. Frederick B. Cohen)
Thu May 4 04:02:32 1995

From: fc@all.net (Dr. Frederick B. Cohen)
To: bet@std.sbi.com (Bennett Todd)
Date: Tue, 2 May 1995 06:43:30 -0400 (EDT)
Cc: bugtraq@fc.net
In-Reply-To: <9505011346.AA02486@std.sbi.com> from "Bennett Todd" at May 1, 95 09:46:50 am

> 
> >Of course you can detect a sniffer, but are you willing to pay the cost
> >of doing so? 
> 
> You can't "detect a sniffer" from looking at the net; the only way you can
> try is to identify specific software indications of one being run on your
> machine. If it's run on a different machine, on one you can't check (perhaps
> on a palmtop someone has plugged into the net), then you can't detect it at
> all. Even if it's being run on your server, you can detect it if the author
> of the sniffer didn't know about, and defeat, the particular detection
> mechanism you use.

Incorrect - you can detect a sniffer - but it's not cheap.

-- 
-----------------
\Management  /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
 \        /\/   | Check out info-security heaven and test your system
  \/\  /\/      | for known vulnerabilities (1st time for free) at URL:
     \/Analytics| (scans deeper than SATAN or ISS)  http://all.net:8080
-----------------
   Read "Protection and Security on the Information Superhighway"
   John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95

