Re: Sniffer Detection

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Alexander O. Yuriev: "Vulnerability of NCSA cgi-bin applications"
• Previous message: Steve Smith: "Re: I'm with Gene"
• In reply to: Arve Kjoelen: "Re: Sniffer Detection"
• Next in thread: Steve Neruda: "Re: Sniffer Detection"

In message <199602261352.HAA09836@shiva.ee.siue.edu>, Arve Kjoelen writes:
> > >>What about sniffing inside a firewall.  Is there any way yet of possibly 
>*detecting a
> sniffer?
> >
> > I participated in a study of this sometime back.  Summary, not very likely.
> <snip>
> 
> Unless, of course, the network admin has access to all machines within the
> firewall and (s)he can get the NIC to report that it is in promiscuous
> mode.
> 
> -Arve.
> 
> akjoele@ee.siue.edu

This may have been suggested before, but what about tricking the
machine into answering a packet it would receive only if in
promiscuous mode ? For instance, send it a packet with its own
IP address as destination, but with the wrong MAC address ? AFAIR,
most implementations don't bother to check for inconsistencies.
Am I missing something ?

Michel Lavondes (lavondes@tidtest.total.fr)
#include <disclaimer.h>
** CDA warning : don't read this if you're under 18 **
Don't whistle while you piss
                Hagbard Celine

• Next message: Alexander O. Yuriev: "Vulnerability of NCSA cgi-bin applications"
• Previous message: Steve Smith: "Re: I'm with Gene"
• In reply to: Arve Kjoelen: "Re: Sniffer Detection"
• Next in thread: Steve Neruda: "Re: Sniffer Detection"