Re: sniffer
From: chris@nospam.comDate: 04/18/02
- Next message: Grzesiek: "Re: sniffer"
- Previous message: Grzesiek: "sniffer"
- In reply to: Grzesiek: "sniffer"
- Next in thread: Grzesiek: "Re: sniffer"
- Reply: Grzesiek: "Re: sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: chris@nospam.com Date: Wed, 17 Apr 2002 19:46:20 -0700
On Thu, 18 Apr 2002 00:49:57 +0200, "Grzesiek" <grzes@niepisz.pl>
wrote:
>Hi
>
>I am trying to secure my network against sniffers.
>I have a little OfficeConnect switch but someone told me that is not enough,
>and he can still sniffing my network with any "linux" program.
>Is it posssible ?
>I used my sniffing program under win2k and I received only my own packets.
>Have you ani ideas ?
There are a couple of approaches to sniffing in a switched
environment. The first would be a managed switch which can monitor
ports
There are programs to flood the switch with bogus mac addresses,
causing the switch table to overflow and flood all traffic to all
ports.
Another program can be used to put out bogus arp packets to redirect
ip traffic from the proper mac address to your machine, which then
forwards it to the proper mac address. Tricky, but can be done.
There are programs out there to detect if a machine has it's nic in
promiscious mode. Best bet would be to periodically run a sweep and
penalize anyone caught running a sniffer.
-Chris
- Next message: Grzesiek: "Re: sniffer"
- Previous message: Grzesiek: "sniffer"
- In reply to: Grzesiek: "sniffer"
- Next in thread: Grzesiek: "Re: sniffer"
- Reply: Grzesiek: "Re: sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
