> Nice idea, but working only for a sniffer with a TCP/IP stack... and
> most sniffers are really passive so they will never answer...
Well, I think we are talking about sniffing via a host (with tcpdump etc.)
where this is a good solution.
But I must confirm that this method does not work with AIX :-(
I'll try to check this with Solaris in the next few days.
Did anyone else check other operating systems? HP-UX anyone?
If you want general protection against sniffing, you can only use
smart hubs or switches with pressure shielded cables - or
fiber optic cables (well, you can sniff on them too, but with good
hardware you can detect this) ... and all this stuff won't help
against all possibilities. You can't securely get people off your
wire if they've got local access. No chance.
And - finally - once you've got a (you think) 99.9% proof concept -
well, you bought Tempest computer hardware, did you? ;-)
> At 08:50 2/02/98 +0100, Marc Heuse wrote:
> >I found a very easy way to detect a sniffing computer from remote.
> >It's really simple:
> >How does an Ethernet card normally work? It takes a look at every
> >(Ethernet) frame on the wire and looks for its Ethernet ID or the
> >broadcast ID. If found, it takes the frame and hands it to the
> >next upper layer, e.g. the Unix kernel.
> >If you craft a packet for a special host, with a *wrong* Ethernet
> >address, it won't reply - unless it's in promiscuous mode!
Best regards,
This message and any statements expressed therein are those of myself
and not of the Deutsche Bank AG or its subsidiary companies.
Type Bits/KeyID Date User ID
pub 2048/DB5C03C5 1997/09/23 Marc Heuse <marc .
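The wrong-MAC probe discussed in this thread, as an added example that is not part of the original messages: a small offline model of a network card and the OS above it, showing when the probe gets an answer and when it misses. The `Host` class, all addresses and the `kernel_checks_mac` flag are constructed for illustration; the flag is only an assumed reason for a miss, not something the thread establishes about any operating system.

```python
import struct

BOGUS_MAC = bytes.fromhex("02deadbeef01")   # constructed: belongs to no host on the segment
BROADCAST = b"\xff" * 6

def build_probe(src_mac, dst_mac, src_ip, dst_ip):
    """Ethernet II header + minimal constructed payload (two IPs, ICMP echo type 8)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, 0x0800)
    return eth + bytes(src_ip) + bytes(dst_ip) + b"\x08"

class Host:
    """Hypothetical model of a NIC plus the OS above it."""
    def __init__(self, mac, ip, promiscuous=False, ip_stack=True, kernel_checks_mac=False):
        self.mac, self.ip = mac, ip
        self.promiscuous = promiscuous
        self.ip_stack = ip_stack
        self.kernel_checks_mac = kernel_checks_mac

    def receive(self, frame):
        dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
        for_us = dst_mac in (self.mac, BROADCAST)
        # Hardware filter: a non-promiscuous card drops foreign frames here.
        if not (for_us or self.promiscuous):
            return None
        # Passive sniffer: the frame is captured, but nothing ever answers.
        if not self.ip_stack:
            return None
        # Assumption: some kernels re-check the destination MAC in software.
        if self.kernel_checks_mac and not for_us:
            return None
        src_ip, dst_ip, icmp_type = frame[14:18], frame[18:22], frame[22]
        if ethertype == 0x0800 and dst_ip == self.ip and icmp_type == 8:
            # Echo reply (type 0) sent back to the prober.
            return build_probe(self.mac, src_mac, dst_ip, src_ip)[:-1] + b"\x00"
        return None

def probe(host, my_mac=bytes.fromhex("020000000001"), my_ip=bytes([10, 0, 0, 1])):
    """True if the host answered a frame addressed to the wrong MAC."""
    return host.receive(build_probe(my_mac, BOGUS_MAC, my_ip, host.ip)) is not None
```

A `True` result indicates a promiscuous interface; a `False` result proves nothing, since a passive tap or a host that filters above the card stays silent either way.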