-----BEGIN PGP SIGNED MESSAGE-----
of course if the person setting up the sniffer takes a couple extra min to
set the speed of the card manually and then snipps the transmit wires on
the cable to that interface you will not detect it anyway :-)
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
On Tue, 12 Jan 1999, Franz, Matt wrote:
> Date: Tue, 12 Jan 1999 15:26:57 -0800
> From: "Franz, Matt" <[EMAIL PROTECTED]>
> To: 'Carric Dooley' <[EMAIL PROTECTED]>,
'GANG WANG' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: RE: How can I detect if there is a sniffer running on my local so
bnet?
>
> neped @ http://www.apostols.org
>
> hunt @ http://www.cri.cz/pub/kra/index.html
>
> Your mileage may very. IMHO ~ 70-80% accurate depending on your load. Of
> course only linux sniffers are detected and there is a patch for the kernel
> (arp) bug that makes it all possible.
>
> Both come precompiled in Trinux: A Linux Security Toolkit
> http://www.trinux.org
>
> -mdf
>
> -----Original Message-----
> From: Carric Dooley [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 12, 1999 2:57 PM
> To: 'GANG WANG'; [EMAIL PROTECTED]
> Subject: RE: How can I detect if there is a sniffer running on my local
> sobnet?
>
>
> I have seen a program for Linux that is supposed to go out and look for
> NIC's in promiscuous mode.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of GANG WANG
> Sent: Tuesday, January 12, 1999 1:30 PM
> To: [EMAIL PROTECTED]
> Subject: How can I detect if there is a sniffer running on my local
> sobnet?
>
>
> That bothers me for a long time.
> Thanks.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNpvyuT7msCGEppcbAQE9pAf/XYWBNcI0A9CshClZADAa6WRHb8+H5Kv+
moDn4FZ2C3Sj3tt3Lc4tBjeukUrOlBiIiPO/NNay2CYb0NJUO9pnJW+bOnVHCAmT
BHzhplwVP39lB0EUyVqG4g4F8YvXog/ZfDavFVzXq2enCsDKFq11iAMz6yO4/ZnF
/eCu6GaOlOMGe5sA67555TKiGzhOxboxoN+95zjjbOMPSVW6EoZnmACFRNrL8kBd
x5SmBKpX3bIgE1ccbg5/ej43i5/XsFMVixRQETqO+4ly7cX/192UkhI5EpROA+Vi
UQGjn2TTbItmD/Brg6Qk0nzlzOm/lMPj2lCBYmKjQj5t/bjhMN9xYg==
=l7Sx
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
