<Snip>
>> CB> a network address or a MAC address meaning that it can be
>> CB> completely invisible from OSI layers 2 and up.
>>
>> The classic trick is to cut the TX wire. That makes it rather hard to
>> detect the sniffer.
>
>I've heard this...and have tried it myself. I've found that if the Tx
>pair is cut, most hubs/switches will not initialize the port. If the
>port does not initialize, you obviously can not monitor anything. ;)
>
>You can however fray the Tx pair so that a voltage is still passed but
>inductance is high enough to chop any signal pulses. Of course you need
>to be using stranded twisted pair wiring in order to get this to work.
>It also takes a lot of work to make a functional cable.
Yes, this is true if you have the opportunity or access to the wiring
closet or hub device. However, what if you managed to find a cable run and
run a network analyzer on the pairs to find the correct recieve pair. Tap
into that and wham, you are listening. You would then be tapping into
another already established segment. As long as you kept the cable short,
you would go undetected.
This is beyond the conventional hacker, but I've seen it done.
--Rich
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
