From owner-freebsd-security  Mon Jul 28 16:36:36 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id QAA12790
          for security-outgoing; Mon, 28 Jul 1997 16:36:36 -0700 (PDT)
Received: from mail001.mediacity.com (mail001.mediacity.com [205.216.172.7])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id QAA12782
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 16:36:34 -0700 (PDT)
Received: (qmail 14918 invoked from network); 28 Jul 1997 23:36:06 -0000
Received: from geekgirl.mediacity.com (HELO geekgirl) (208.138.36.24)
  by mail001.mediacity.com with SMTP; 28 Jul 1997 23:36:06 -0000
Date: Mon, 28 Jul 1997 04:40:47 -0800
From: "Nicole H."  <nicole@mediacity.com>
Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD) 
To: "Nicole H."  <nicole@mediacity.com>,
        Brian Buchanan  <brian@thought.res.cmu.edu>
Cc: security@FreeBSD.ORG
X-Mailer: Z-Mail Pro 6.1 (Win32 - 021297), NetManage Inc.
X-Face: Dy;P!H@)Go.{^Epw&,}@q4ReQ3iOqFrASM63QjFsK/'XnOO67}+{szQ|oo]]`]/.r,g5lx;
 w+F^YYL4j<EF?-v/Uq[]oFYBgjuR;7(!Gju$r^G<uca5(A)uMak8~<Tj!:[Et[di?&!+I(/nHp]w1[
 4VFHO~Xj0c8jt6g$l&ra8f#L0T|{j{u%-Am)Y/nJAC%lvd!]``~OM9HDB8nKminy9FeU2+C5BE'X?
X-Priority: 3 (Normal)
References: <Pine.BSF.3.96.970728190019.26892A-100000@thought.res.cmu.edu> 
Message-ID: <Chameleon.870090090.nmh@geekgirl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> On Mon, 28 Jul 1997, Nicole H. wrote:
> 
> > Does anyone know of a good way to detect people "sniffing" on the network? IE a program that will detect 
a 
> > machine running in promiscuous mode?
> > 
> 
> I was wondering the same thing when I read a clause prohibiting the use of
> network cards in promiscuous mode in the CMU network use policy.  I asked
> some computer security people I knew about this and their response was
> that it is not possible to detect if a network card is in promiscious mode
> unless you have access to the machine it's in - i.e., that you can look at
> ifconfig on that machine.

 <STUPID QUESTION>

 What is the range of sniffing? I.E. can the "sniffer" sniff past switched networks?
 What is the "range" of sniffing?

 </STUPID QUESTION>

Thanks

 Nicole


 nicole@mediacity.com      |\ __ /|   (`\   http://www.mediacity.com
  Nicole Harrington        | o_o  |__  ) )    Phone: 415-237-1464 
                          //      \\          Pager: 415-301-2482
		    Systems Administrator
------------------------(((---(((-------------------------------------
 *******             
  * *****       What do you mean Spelling Errors? 
   * * *                       My Modem is Error Correcting!
      * 

CAUTION: I'm no doctor, I only tell computers what to do.
Nothing in this document should be construed as medical advice.
My opinions are subject to the availability of information.
I learn new things each day, and so may change my opinions.

    Courtesy is owed. Respect is earned. Love is given. --
-----------------------------------------------------------------------