From owner-freebsd-questions Mon Apr 12 8:36:17 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from student.lssu.edu (student.lssu.edu [198.110.216.219]) by hub.freebsd.org (Postfix) with ESMTP id 07231155AB for ; Mon, 12 Apr 1999 08:36:10 -0700 (PDT) (envelope-from pe@student.lssu.edu)
Received: from localhost (pe@localhost) by student.lssu.edu (8.9.3/8.9.3) with ESMTP id LAA18029; Mon, 12 Apr 1999 11:31:24 -0400 (EDT)
Date: Mon, 12 Apr 1999 11:31:24 -0400 (EDT)
From: "System Admin."
To: "Eric S. Nooden"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Sniffers and Sniffer detection [General UNIX question]
In-Reply-To: <4.1.19990412090921.009e0420@beloit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Yes, there is hacker software out there that a user can install and use
w/o root permission to do it. You can also install software on your
admin. side to detect the port scanner or other scanning software. Try
www.ugu.com for downloading security software.

HTH

pe'

------------------------------
UNIX System Admin.
Distributed Computing Services
Lake Superior State University
650 W. Easterday Ave.
Sault Ste. Marie. MI 49783 USA.
------------------------------

On Mon, 12 Apr 1999, Eric S. Nooden wrote:

> Hello all!
>
> A question or two concerning sniffers and sniffer detection.
>
> 1. Is it possible to detect if a sniffer is being used? I know that the
> MS Network Analyzer does detect when their product is being used but I am
> more concerned with the UNIX side of the house. If not, is there any
> program that could determine whether or not the promiscuous mode is being
> used on any NIC...sort of like using nmap to scan for it?
>
> 2. Is it possible to install a sniffer, in a user account (with no root
> access), and sniff the network and watch for passwords?
>
> I do realize that anything is possible, but I would appreciate a more
> specific answer and possibly some ways to protect against sniffers. One
> precaution to possibly take is to place the modem lines on 10/100 switches
> and also the primary systems. I would think that protects us a little bit
> considering you can't sniff outside our collision domain (unless you had an
> "agent" on another hub(s) ).
>
> Please email me direct in addition to emailing FreeBSD-questions.
>
> Thank you in advance!
>
> Eric S. Nooden
> Technical Service Manager, ITS
> noodene@beloit.edu
>
>
> =================================================================
> Eric S. Nooden (CET,MSC,MCP)   Information Technology Services
> Technical Service Manager      Beloit College, Mayer Hall #207
> Voice: 608.363.2458            Office hours: 0800-1700
> Fax: 608.363.2100              http://www.inwave.com/~armyeric
> =================================================================
> Ah, life! Be my wild mistress!! - Dogbert
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message