North American Network Operators Group


Re: sniffer/promisc detector

  • From: Alexei Roudnev
  • Date: Sat Jan 17 05:34:58 2004

The best anti-sniffer is a HoneyPot (it is a method, not a tool). Create so
much false information (and track its usage) that hackers will be caught
before they do something really wrong.

For those who do not know: look at the standard, cage-like mousetrap with a
piece of cheese inside. -:)

----- Original Message ----- 
From: "Rubens Kuhl Jr." <[email protected]>
To: <[email protected]>
Sent: Friday, January 16, 2004 3:18 PM
Subject: Re: sniffer/promisc detector


>
>
> That is a battle that was lost at its beginning: the Ethernet 802.1d
> paradigm of "don't know where to send the packet, send it to all ports,
> forget where to send packets every minute" is the weak point.
> There are some common mistakes that sniffing kits do, that can be used to
> detect them (I think antisniff implements them all), but a better approach
> is to make promisc mode of no gain unless the attacker compromises the
> switch also. In Cisco-world, the solution is called Private VLANs.
> Nortel/Bay used to have ports that could belong to more than one VLAN,
> probably every other switch vendor has its own non-IEEE 802 compliant way
> of making a switched network more secure.
>
>
> Rubens
>
>
> ----- Original Message ----- 
> From: "Gerald" <[email protected]>
> To: <[email protected]>
> Sent: Friday, January 16, 2004 8:35 PM
> Subject: sniffer/promisc detector
>
>
> >
> > Subject says it all. Someone asked the other day here for sniffers. Any
> > progress or suggestions for programs that detect cards in promisc mode
> > or sniffing traffic?
> >
> > Gerald
> >
>
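
An added illustration of the flooding behaviour described in the quoted reply and of how port isolation changes it (example code, not part of the thread and not any vendor's implementation). The port numbering, the 60-second aging value and the simplified isolation rule are assumptions.

```python
AGING_SECONDS = 60  # assumption: mirrors the post's "every minute"


class LearningSwitch:
    """Toy 802.1D-style learning bridge; isolated ports model a private VLAN."""

    def __init__(self, ports, isolated=(), aging=AGING_SECONDS):
        self.ports = set(ports)
        self.isolated = set(isolated)  # may only exchange frames with non-isolated ports
        self.aging = aging
        self.table = {}                # MAC -> (port, time the entry was learned)

    def _allowed(self, in_port, out_port):
        # Simplified private-VLAN rule: isolated-to-isolated frames are dropped.
        return not (in_port in self.isolated and out_port in self.isolated)

    def receive(self, now, in_port, src, dst):
        """Learn src, then return the set of ports the frame is sent out of."""
        self.table[src] = (in_port, now)
        entry = self.table.get(dst)
        if entry and now - entry[1] <= self.aging:
            candidates = {entry[0]} - {in_port}   # known destination: one port
        else:
            self.table.pop(dst, None)             # unknown or aged out
            candidates = self.ports - {in_port}   # flood to every other port
        return {p for p in candidates if self._allowed(in_port, p)}


def demo(isolated=()):
    # Constructed topology: 1 = router uplink, 2 = server,
    # 3 = workstation, 4 = host with a NIC in promiscuous mode.
    sw = LearningSwitch(ports={1, 2, 3, 4}, isolated=isolated)
    sw.receive(0, 2, "server", "router")        # server's MAC learned on port 2
    fresh = sw.receive(10, 3, "ws", "server")   # entry still fresh
    aged = sw.receive(100, 3, "ws", "server")   # entry older than the aging time
    return fresh, aged


if __name__ == "__main__":
    print("plain switch:     ", demo())
    print("ports 3,4 isolated:", demo(isolated={3, 4}))
```

On the plain switch the aged-out frame is flooded to port 4 as well, which is the only reason a promiscuous NIC there gains anything; with ports 3 and 4 isolated the same flood never reaches it.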