RE: A Solution for sniffing

From: Jose Avila III (vuln@lighttape.com)
Date: 12/19/02

  • Next message: Christian Freas: "RE: Webmail authentication"
    From: "Jose Avila III" <vuln@lighttape.com>
    To: <Bruce.Orcutt@alltel.com>
    Date: Thu, 19 Dec 2002 09:25:31 -0800
    
    

    Now i know there are hardware devices that you can plug into that will allow
    you not to be detected. What these maily doo is remove the 2 TX wires in
    the CAT5 cable from the solution... These are looped back as to not cause a
    hardware conflict... The Sniffer is now incapeable of transmitting and is
    hence undetectible. Correct me if i am wrong but that is what i have been
    come to believe so far

    --Jose

    -----Original Message-----
    From: wbjw@mindspring.com [mailto:wbjw@mindspring.com]
    Sent: Wednesday, December 18, 2002 11:03 AM
    To: Bruce.Orcutt@alltel.com
    Cc: fadi@lebrocks.com; security-basics@securityfocus.com
    Subject: RE: A Solution for sniffing

    There ARE ways to detect sniffing, but not necessarily completely reliable.
    Sniffing places the network device into promiscous (SP?) mode. The old
    l0pht
    had a antisniff which @Stake still offers. Other tools may exist as well
    which detect sniffing.

    On Tue, 17 Dec 2002 12:19:23 -0500 Bruce.Orcutt@alltel.com wrote:

    > As sniffing is a passive act, there is no way
    > that you can detect the act itself, unless you
    > have access to the machine that's doing the
    > possible sniffing itself.
    >
    > Perhaps one of the simplest ways to ensure
    > sniffing is made much more difficult at the
    > least is by switching from a hub type network
    > to a switched network. In a switched
    > environment, other users cannot see each others
    > network streams, thus providing a layer of
    > protection.
    >
    > Of course, like all techniques, this can be
    > gotten around by various additional techniques,
    > but it does make life more difficult to would
    > be sniffers. (ie: user installs a hub via an
    > uplink port to switched segment, and connects
    > target's system and a sniffing machine to the
    > hub.)
    >
    >
    >
    > -----Original Message-----
    > From: fadi@lebrocks.com
    > [mailto:fadi@lebrocks.com]
    > Sent: Tuesday, December 17, 2002 5:41 AM
    > To: security-basics@securityfocus.com
    > Subject: A Solution for sniffing
    >
    >
    >
    > Hello Folks,
    > I think i am being sniffed by somone on my
    > network, and i was wondering. is
    > there an application to check wether i am being
    > sniffed or not, and if i
    > was, how can i fix that ?(like PGP for mail,
    > what about other protocols)
    >
    > P.S. : Running Linux Slackware 8.1 (if that
    > would help)
    >
    > cheers,
    > Fadi R. Khouja
    >



    Relevant Pages

    • Re: packet sniffing help needed.
      ... In order to sniff traffic between the two victims, ... the sniffer on the same physical network. ... can take between the two to reliably try sniffing. ...
      (Security-Basics)
    • Re: A Solution for sniffing
      ... I've only heard/read of ways to protect against attacks on switches ... If you're a sniffer, your machine should be as discreet as you want it to be ... >Subject: Re: A Solution for sniffing ... >causing more problems associated with flooding a network. ...
      (Security-Basics)
    • Re: [inbox] Re: Counter detect Network Sniffer
      ... > to communicate with the sniffing system. ... It is not difficult to devise a sniffer detection ... Protect your network against hackers, viruses, spam and other risks with Astaro ... Security Linux, the comprehensive security solution that combines six ...
      (Focus-IDS)
    • Re: A Solution for sniffing
      ... Not only DNS, but IMO a lot things should not be run on the sniffer machine ... Subject: A Solution for sniffing ... Don't know about your network, but I know I would not want to add the extra ...
      (Security-Basics)
    • RE: A Solution for sniffing
      ... I had never heard of Anti-Sniff before. ... Subject: A Solution for sniffing ... difficult at the least is by switching from a hub type network to a switched ...
      (Security-Basics)