[TOOL] PromiscDetect, Windows Based Promiscuous Mode Detector
From: support@securiteam.comDate: 04/17/02
- Previous message: support@securiteam.com: "[NT] Sambar Webserver Serverside Fileparse Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Wed, 17 Apr 2002 15:31:58 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
PromiscDetect, Windows Based Promiscuous Mode Detector
------------------------------------------------------------------------
DETAILS
<http://ntsecurity.nu/toolbox/promiscdetect/> PromiscDetect checks if
your network adapter(s) is running in promiscuous mode, which may be a
sign that you have a sniffer running on your computer.
Q: What would be the response for an adapter in "normal" mode?
A: It would be the filters Directed, Multicast, and Broadcast.
Q: When I double-click on the client file, a window comes up and
disappears immediately. What is wrong?
A: You must run the file from a Command Prompt.
Q: How reliable is this tool?
A: It is reliable as long as the attacker does not intercept and modify
things somewhere between the tool and the adapter. Look at it this way: if
the tool tells you that, the adapter is in promiscuous mode it probably is
- but if it does not you should not just assume that the adapter is not in
promiscuous mode.
Q: My adapter is in promiscuous mode but there is no sniffer in my
computer. What is wrong?
A: For example, VMWare puts your adapter in promiscuous mode even if you
are not running a sniffer.
ADDITIONAL INFORMATION
The tool can be downloaded from:
<http://ntsecurity.nu/cgi-bin/download/promiscdetect.exe.pl>
http://ntsecurity.nu/cgi-bin/download/promiscdetect.exe.pl
The information has been provided by <mailto:arne.vidstrom@NTSECURITY.NU>
Arne Vidstrom.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Sambar Webserver Serverside Fileparse Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
