Sniffers have both legitimate and illegitimate uses. They are often really
useful for debugging "network problems", so us systems folks can prove the
network folks are wrong, and vice versa.

tcpdump and trafshow are both really handy. Someone recommended ethereal but I
haven't had a chance to check it out yet.

Of course, if an unauthorized user has a sniffer on your firewall, you have a
much bigger problem, and it's time to start doing some serious intrusion
detection audits. Also, the use of a switched network helps minimize the
usefulness of sniffing network traffic, though most of your Internet-bound
traffic would probably be passing through the firewall.

Most of the hacks out there come from script kiddies who are mainly
interested in the bandwidth for warez and DoS attacks, so quick-install root
kits are much more popular.

Sameer

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, June 18, 2001 5:22 AM
> To: [EMAIL PROTECTED]
> Subject: sniffer programs
>
>
> Hello all,
>
> We often hear of bad guys using sniffer programs to check out packets for
> information. My question is where and how are these sniffers usually
> installed. Has anyone ever discovered a sniffer program running on their
> firewall?
>
> Regards,
> S. Filliol
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls