Great Circle Associates Firewalls
(January 1998)
 


Subject: Re: anti-sniffer warfare
From: Don Lewis <Don . Lewis @ tsc . tdk . com>
Date: Fri, 30 Jan 1998 15:03:27 -0800
To: "Caldwell, Matt" <caldwm @ xgate . columbiasc . ncr . com>, "'firewalls @ greatcircle . com'" <firewalls @ GreatCircle . COM>
In-reply-to: "Caldwell, Matt" <caldwm @ xgate . columbiasc . ncr . com> "anti-sniffer warfare" (Jan 30, 8:39am)

On Jan 30,  8:39am, "Caldwell, Matt" wrote:
} Subject: anti-sniffer warfare
} This week, I was asked to look into a way to tell if
} someone was sniffing on my heterogeneous network. I began to think about
} what and how I would tell. One thing that came to mind was SNMP. Because SNMP
} reports the quantity with a receive/rate of the transmissions from the
} Ethernet device you can determine if this is beyond normal expectations
} and investigate further. Usually a sniffer puts the device in
} promiscuous mode which makes the Ethernet device have an excessively
} high rate of traffic.

What's to keep the culprit from reporting fake, but normal-looking,
SNMP statistics?

			---  Truck
