Hi Paul,

Detecting sniffing is really difficult to do. It would be like two people talking in a room and you want to know if a 3rd person in the room is eavesdropping. That someone else is not an active participant, and without being able to see inside the head of that person or know what they are thinking, you don't know if they were listening in or not.

As far as giving someone the benefit of the doubt - if you are still interested in my opinions, read the remainder of this e-mail.

When the issue with Dan Tentler being dishonest and stealing people's passwords first arose on Saturday night, he had numerous chances to be honest, contrite, forthcoming, and at least try to explain himself properly - and he didn't. When Chris first asked who was running nessus, he just looked down and ignored the question - when he should have immediately responded and explained what he was doing. When the question was repeated he looked over in the direction of Chris Louden and myself as if to deflect some blame towards one of us. When Chris really found that he was the culprit, he passed it off as if it was some research project. When the issue of having intercepted gmail passwords and such came up - he made the comment that it was all harmless because he wasn't going to save the log of his capturing activity. Yet he didn't - he kept right on capturing other packets, and didn't actually demonstrate that he had cleared the captured log.

So - let's revisit back to giving someone the benefit of the doubt - there were numerous chances during the conversation as it developed that evening, where he could have provided us with a reason to supply that benefit, where we would be generous with our opinions of him - but every time he chose the wrong course, with either denial or dishonesty. In further discussions about the issue Dan is still not coming clean or apologizing, but instead accusing people of being on a witch hunt and accusing people of starting a flame war. If you want to give him the benefit of the doubt, please do - but people that started off trying to give the benefit of the doubt were quickly convinced that he didn't deserve it based on his actions.

I still don't have any proof that Chris's gmail password wasn't sent off to Chinese hackers or something by the time we got home that evening.
None of us observed if Dan actually deleted his logs, or that he proved to anyone that he hadn't captured anything else of ours that evening. He has not provided any proof of deniable culpability - and when someone like him is observed doing the activities he was doing - proving to everyone that he was clean should have been the very first thing he did. All in all, it's a shameful act for someone who claims to be a security professional. Security professionals only do what's within their bounds, and don't shrug at legalities like Dan Tentler did. Security professionals don't infringe on people's privacy for sport like Dan Tentler did.

Also on the topic of lending someone the benefit of the doubt - I think when it comes to a person's privacy (and each one of us has to evaluate this as it equates to our own personal information and how we choose to guard it) - people also need to give the benefit of the doubt to anyone who is guarding their personal info. I've been generous with giving that benefit to Chris and Roger as they were most affected by Dan Tentler's mischievous and borderline-illegal actions. Based on how they are handling things with a professional manner, and how Dan is not - I continue to give them the benefit of the doubt that they may have had something more serious than a gmail password be compromised, and they have the right to be upset about the potential serious loss of privacy.

Thanks,
DK

____________________________________________________
Insert your own stupid MSN Hotmail or Windows Vista ad here
____________________________________________________

On 12/30/2008, "Paul Saenz" <[email protected]> wrote:
>
>Interesting. I was wondering if maybe a few links to good tutorials about
>ARP spoofing, and/or sniffing detection could be posted to the socallinux
>webpage, with maybe a little intro as to why it's there for newcomers.
>
>It would be cool if the group was set up to detect sniffers. I think it would
>be fun if we actually caught someone in the act who was outside the group,
>and were actually able to identify the person in a public setting: Put a
>little fun in your White Hat :~).
>
>As for Dan Tentler, I usually like to give people the benefit of the doubt on
>first offenses, but that's just me.
>
>Cheers
