Date: Tue, 29 Jul 1997 03:09:29 -0600 (MDT)
From: John-David Childs <jdc@denver.net>
To: Gary Palmer <gpalmer@FreeBSD.ORG>
Cc: "Nicole H." <nicole@mediacity.com>, security@FreeBSD.ORG
Subject: RE: detecting packet sniffers
Message-ID: <Pine.BSI.3.95.970729030228.2340C-100000@milehigh.denver.net>
In-Reply-To: <6954.870136449@orion.webspan.net>

On Mon, 28 Jul 1997, Gary Palmer wrote:

> "Nicole H." wrote in message ID
> <Chameleon.870081818.nmh@geekgirl>:
> >
> > Does anyone know of a good way to detect people "sniffing" on the
> > network? IE a program that will detect a machine running in
> > promiscuous mode?
>
> There is no way to detect that from outside the machine ... after all,
> it's just listening to all the packets that go past.
>
> FreeBSD 2.2 and later log a message to console when an interface goes
> into promiscuous mode.

I was under the impression from reading various product literatures that a
trend in the industry is beginning...whereby packet sniffers will
periodically send "tokens" on the wire identifying that XYZ PacketSniffer
was being used.

There was an NT/SunOS commercial security application I saw a few weeks
ago which claimed to be able to detect some (not all) other sniffers on
the wire...I just can't remember where I saw it. Time to go digging
through my archives ;)

--
John-David Childs (JC612)       @denver.net/Internet-Coach/@ronan.net
System Administrator            Enterprise Internet Solutions
  & Network Engineer            901 E 17th Ave, Denver 80218
"When you have to kill a man it costs nothing to be polite."
  -- Winston Churchill, On formal declarations of war