Date:      Sun, 18 Apr 1999 18:11:22 +0930
From:      Greg Lehey <grog@lemis.com>
To:        "Eric S. Nooden" <noodene@beloit.edu>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Sniffers and Sniffer detection [General UNIX question]
Message-ID:  <19990418181122.S37994@lemis.com>
In-Reply-To: <4.1.19990412090921.009e0420@beloit.edu>; from Eric S. Nooden on Mon, Apr 12, 1999 at 09:31:58AM -0600
References:  <4.1.19990412090921.009e0420@beloit.edu>

On Monday, 12 April 1999 at  9:31:58 -0600, Eric S. Nooden wrote:
> Hello all!
>
> A question or two concerning sniffers and sniffer detection.
>
> 1.  Is it possible to detect if a sniffer is being used?  

No.

> I know that the MS Network Analyzer does detect when their product
> is being used

Maybe this is a "friendliness" feature.

> but I am more concerned with the UNIX side of the house.  If not, is
> there any program that could determine whether or not the
> promiscuous mode is being used on any NIC...sort of like using nmap
> to scan for it?

The real problem is that it's usually another system which is using
the sniffer, and you have no access to it.  Nothing changes on your
system.

> 2.  Is it possible to install a sniffer, in a user account (with no root
> access), and sniff the network and watch for passwords?

FreeBSD won't allow you to set promiscuous mode unless you're root.

> I do realize that anything is possible, but I would appreciate a more
> specific answer and possibly some ways to protect against sniffers.  One
> precaution to possibly take is to place the modem lines on 10/100 switches
> and also the primary systems.  I would think that protects us a little bit
> considering you can't sniff outside our collision domain (unless you had an
> "agent" on another hub(s) ).

Right, you need to be on the local network.

Greg
--
When replying to this message, please copy the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
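
The following is an added example, not part of the original message or of FreeBSD: on hosts you administer yourself, the interface flags printed by `ifconfig` show whether promiscuous mode is set locally, and this filter lists those interfaces. It says nothing about a sniffer running on another machine, which is the case the reply describes; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list interfaces whose flag set contains PROMISC.
# Input: ifconfig-style text on stdin. Output: one interface name per line.
# This only reports the local state of a host you can log in to.

promisc_ifaces() {
    awk '
        # Interface header lines start in column 1: "name: flags=NNNN<A,B,C> ..."
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            # Take the text between "<" and ">" and split it into flag names.
            if (match($0, /<[^>]*>/) == 0) next
            flags = substr($0, RSTART + 1, RLENGTH - 2)
            n = split(flags, f, ",")
            # Compare whole flag names, so a longer name that merely
            # contains the string PROMISC is not reported.
            for (i = 1; i <= n; i++)
                if (f[i] == "PROMISC") { print name; break }
        }
    '
}

# Constructed sample in FreeBSD ifconfig format (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

# Run against the constructed sample; prints the one promiscuous interface.
sample_ifconfig | promisc_ifaces

# Live use on a host you administer:
#   ifconfig -a | promisc_ifaces
```

An interface also shows PROMISC while a legitimate capture such as `tcpdump` is running, so a hit is a prompt to find out which process opened the capture, not proof of misuse.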

