-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would recommend a combo of network IDS and host-based IDS:

On the network side, you can't go wrong with Snort... somewhat of a learning curve but totally worth it... or you could use something like PortSentry...

For Snort: http://www.snort.org
For PortSentry: http://www.psionic.com

Also, check out Demarc which works with Snort: http://www.demarc.com

For host-based, I would go with Tripwire or AIDE...

Tripwire: http://www.tripwire.org
AIDE: http://www.cs.tut.fi/~rammer/aide.html

hope that helps...

shawn

On Sat, 23 Feb 2002, Thomas Madhavan wrote:

> Hi all.
>
> Most of the information on this list regarding firewalls, sniffers etc. seems
> to be concerned with LANs, or computers using Ethernet cards.
>
> I want to set up at least some basic IDS and firewall tools on my box at
> home, which isn't on any sort of network.
>
> Do the same rules apply to me, using a modem? Or are there other
> applications more suited to individual systems, rather than networks?
>
> Preferably the tools will be not *too* complicated to use, although I don't
> mind learning.
>
> Thanks a lot.
> Thomas Madhavan
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, February 21, 2002 3:50 PM
> Subject: Re: Detecting Sniffers?
>
> > Ettercap 0.6.2, Arpwatch 2.1a4 & Snort 1.8-RELEASE all running on Linux
> > Redhat 7.2 sounds like what you need. Go to http://packetstormsecurity.org
> >
> > Let me know how it goes.
> >
> > Cheers
> >
> > Taiye.
> >
> > In a message dated Thu, 21 Feb 2002 21:30:35 Greenwich Mean Time, Sumit
> > Dhar <[EMAIL PROTECTED]> writes:
> >
> > > Hello All,
> > >
> > > I was wondering the other day as to how one could go about detecting a
> > > sniffer on the network. If it is a Shared Ethernet, I wouldn't even
> > > try... but on a Switched Ethernet, I feel there still is a chance.
> > >
> > > Specifically,
> > >
> > > 1. What would be the best method to see if someone is carrying
> > > out ARP-Spoofing?
> > >
> > > 2. Would it be possible to locate a machine that is flooding
> > > the network with fake MAC replies?
> > >
> > > Also, what would be the other methods that a person *MIGHT* use to
> > > sniff in a switched environment?
> > >
> > > Most of the anti-sniffing tools (from L0pht etc.) are not very
> > > reliable.. any other tools that you people are aware of? And lastly,
> > > though I think it is practically impossible, would it be possible to
> > > detect a sniffer on a Shared Ethernet (where it is usually passive).
> > >
> > > Also let me clarify, each user on this network controls his machine
> > > completely as the root user, no user has access to every machine..
> > >
> > > Regards
> > > Dhar
> > >

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8encn3Qw8DHute6kRAjIvAJ4sJb/L4QUT5HGEsILFXnPhawEZ+gCeJgI1
C+S/d/cNTEKxjqGKIoMWbNA=
=ncqy
-----END PGP SIGNATURE-----
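The thread points at Arpwatch for Sumit's two questions (spotting ARP spoofing, and locating a host that floods fake replies). As an added example that is not part of any message above and not Arpwatch's own code, the script below shows the core of that approach: parse Ethernet/ARP frames, keep a table of which MAC answers for each IP, and raise an alert when a binding changes, flips back and forth, arrives unsolicited, or when one MAC answers for many addresses or sends an unusual number of replies. Every frame, address and threshold in it is constructed for the demo; the `build_arp_frame` helper exists only to fabricate those sample frames.

```python
"""Added example, not from the mailing-list thread: an arpwatch-style monitor.
All MAC/IP addresses and frames below are constructed placeholders."""
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def build_arp_frame(op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame; used here only to construct samples."""
    dst = BROADCAST if op == 1 else tha
    eth = mac_bytes(dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, oper
    arp += mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled
    return {"op": op, "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


class ArpMonitor:
    """Keeps the IP -> MAC table and emits alert tuples (kind, ip, mac)."""

    def __init__(self, flood_threshold=20, max_ips_per_mac=3):
        self.bindings = {}                    # ip -> mac currently believed
        self.seen = defaultdict(set)          # ip -> every mac that ever answered for it
        self.replies_from = defaultdict(int)  # mac -> number of replies it has sent
        self.flood_threshold = flood_threshold
        self.max_ips_per_mac = max_ips_per_mac
        self.alerts = []

    def observe(self, frame):
        arp = parse_arp_frame(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return []  # requests assert no binding; only replies are tracked
        ip, mac = arp["spa"], arp["sha"]
        new = []
        old = self.bindings.get(ip)
        if old is None:
            new.append(("new station", ip, mac))
        elif old != mac:
            # a return to a MAC seen earlier for this IP is the classic "flip flop"
            kind = "flip flop" if mac in self.seen[ip] else "changed ethernet address"
            new.append((kind, ip, mac))
        self.bindings[ip] = mac
        self.seen[ip].add(mac)
        # a reply nobody asked for (broadcast target, or sender == target) is suspicious
        if arp["tha"] == BROADCAST or arp["tpa"] == arp["spa"]:
            new.append(("unsolicited reply", ip, mac))
        self.replies_from[mac] += 1
        if self.replies_from[mac] == self.flood_threshold:
            new.append(("reply flood", ip, mac))
        claimed = [i for i, m in self.bindings.items() if m == mac]
        if len(claimed) == self.max_ips_per_mac + 1:
            new.append(("mac claims many ips", ip, mac))
        self.alerts.extend(new)
        return new


def run_demo():
    """Constructed scenario: a gateway answers normally, a second MAC starts
    answering for the gateway's IP, then answers for a dozen other hosts."""
    gw_ip, gw_mac = "10.0.0.1", "00:11:22:33:44:01"
    victim_ip, victim_mac = "10.0.0.50", "00:11:22:33:44:50"
    rogue_mac = "de:ad:be:ef:00:01"  # placeholder, not a real device
    mon = ArpMonitor(flood_threshold=10, max_ips_per_mac=3)
    frames = [build_arp_frame(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip)] * 3
    frames.append(build_arp_frame(ARP_REPLY, rogue_mac, gw_ip, victim_mac, victim_ip))
    frames.append(build_arp_frame(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip))
    for i in range(2, 14):
        frames.append(build_arp_frame(ARP_REPLY, rogue_mac, f"10.0.0.{i}", BROADCAST, f"10.0.0.{i}"))
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for kind, ip, mac in run_demo():
        print(f"{kind:26} {ip:12} {mac}")
```

On a live host the frames would come from a raw socket or a pcap reader rather than `build_arp_frame`. Binding changes also happen for benign reasons (DHCP lease churn, a replaced NIC, VRRP failover), so the table needs a learning period and a way to mark expected changes before its alerts are trusted; the thresholds above are illustrative, not tuned values.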