[REVS] Detection of Promiscuous Nodes Using ARP Packets

• Previous message: support@securiteam.com: "[TOOL] SWATCH, Simple Log Watcher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: support@securiteam.com
To: list@securiteam.com
Subject: [REVS] Detection of Promiscuous Nodes Using ARP Packets
Message-Id: <20010913214725.A93B2138BF@mail.der-keiler.de>
Date: Thu, 13 Sep 2001 23:47:25 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Detection of Promiscuous Nodes Using ARP Packets
------------------------------------------------------------------------

SUMMARY

In the local network, the act of sniffing has become a serious threat.
Malicious users can use sniffing techniques to steal confidential
documents and anyone's privacy by sniffing the network. Sniffing causes
privacy intrusion, and can be done simply by downloading free sniffer
tools from the Internet and installing them into a personal computer that
resides on the local network.
The documentation below discusses the use of Address Resolution Protocol
(ARP) packets to effectively detect malicious users when they are sniffing
the network.

DETAILS

Due to the size of the document, a link is provided to the original
article:
 <http://www.securityfriday.com/promiscuous_detection_01.pdf>
http://www.securityfriday.com/promiscuous_detection_01.pdf

The tool <http://www.securiteam.com/tools/5HP011F40E.html> Promiscan
implements the techniques discussed in this document.

ADDITIONAL INFORMATION

The information has been provided by <mailto:urity@securityfriday.com>
urity.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: support@securiteam.com: "[TOOL] SWATCH, Simple Log Watcher"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: packet sniffing help needed. ... LAN ACCESS - You have access to the IP local network where either ... > I have been thinking about packet sniffing and packet capture - it is ... > information i am transmitting - and what those warnings ... > how proxies cache and transmit data - are the warnings just about ... (Security-Basics) Re: MAC security (Re: Question about Wireless) ... to the wireless network to do the sniffing. ... ARP packets even if your MAC address had not been whitelisted? ... (Ubuntu) RV: packets in my network ... Subject: RV: packets in my network ... while i was sniffing in my local network, i saw that my computer was ... and tracking system please see: http://aris.securityfocus.com ... (Incidents)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint