On Tue, 12 Jan 1999, GANG WANG wrote:
:That bothers me for a long time.
:Thanks.
Phrack 54 has a good article on sniffer evasion and detection.
the one I remember best was running tcpdump on a 'safe' machine
on the segment, telnetting somewhere off the network and see if
you see any other hosts on your network doing lookups for the
remote host you are connecting to. Most sniffers don't hide that
they are attempting to resolve the ip addrs that they are logging
connections to/from.
See www.phrack.com (which isn't responding as of the time of this
post) for the latest issue.
-j
--
jamie.reid | Spare Parts for the Human Appliance
Chief Reverse Engineer | www.vapour.net
Defective Technologies |
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
