Hi all. Most of the information on this list regarding firewalls, sniffers etc. seems to be concerned with LANs, or computers using Ethernet cards.
I want to set up at least some basic IDS and firewall tools on my box at home, which isn't on any sort of network. Do the same rules apply to me, using a modem? Or are there other applications more suited to individual systems, rather than networks? Preferably the tools will be not *too* complicated to use, although I don't mind learning.

Thanks a lot.

Thomas Madhavan

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 3:50 PM
Subject: Re: Detecting Sniffers?

> Ettercap 0.6.2, Arpwatch 2.1a4 & Snort 1.8-RELEASE all running on Linux Redhat 7.2 sounds like what you need. Go to http://packetstormsecurity.org
>
> Let me know how it goes.
>
> Cheers
>
> Taiye.
>
> In a message dated Thu, 21 Feb 2002 21:30:35 Greenwich Mean Time, Sumit Dhar <[EMAIL PROTECTED]> writes:
>
> > Hello All,
> >
> > I was wondering the other day as to how one could go about detecting a
> > sniffer on the network. If it is a Shared Ethernet, I wouldn't even
> > try... but on a Switched Ethernet, I feel there still is a chance.
> >
> > Specifically,
> >
> > 1. What would be the best method to see if someone is carrying
> >    out ARP-Spoofing?
> >
> > 2. Would it be possible to locate a machine that is flooding
> >    the network with fake MAC replies?
> >
> > Also, what would be the other methods that a person *MIGHT* use to
> > sniff in a switched environment?
> >
> > Most of the anti-sniffing tools (from L0pht etc.) are not very
> > reliable.. any other tools that you people are aware of? And lastly,
> > though I think it is practically impossible, would it be possible to
> > detect a sniffer on a Shared Ethernet (where it is usually passive).
> >
> > Also let me clarify, each user on this network controls his machine
> > completely as the root user, no user has access to every machine..
> >
> > Regards
> > Dhar