Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: anti-sniffer warfare - Solution
From: Marc Heuse <Marc . Heuse @ mail . DeuBa . COM>
Date: Tue, 3 Feb 1998 17:29:52 +0100 (CET)
To: firewalls @ greatcircle . com

Hi,

> Nice idea, but working only for a sniffer with a TCP/IP stack... and
> most sniffers are really passive so they will never answer...
> 
> -eric

well, I think we are talking about sniffing via a host (with tcpdump etc.)
where this is a good solution.
But I must confirm that this method does not work with AIX :-(
I'll try to check this with Solaris in the next few days.
Did anyone else check for other operating systems? HP-UX anyone?

If you want general protection against sniffing, you can only use
smart hubs or switches with pressure shielded cables - or
fiber optic cables (well you can sniff on them too, but with good
hardware you can detect this) ... and all this stuff won't help
against all possibilities. You can't securely get people off your
wire if they've got local access. No chance.
And - finally - once you've got a (you think) 99.9% proof concept -
well, you bought Tempest computer hardware, did you? ;-)

> At 08:50 2/02/98 +0100, Marc Heuse wrote:
> >I found a very easy way to detect a sniffing computer from remote.
> >It's really simple:
> >How does an Ethernet card normally work? It takes a look at every
> >(ethernet-)frame on the wire and looks for its ethernet-id or the
> >broadcast-id. If found, it takes the frame and hands it to the
> >next upper layer, e.g. the unix kernel.
> >If you craft a packet for a special host, with a *wrong* ethernet
> >address, it won't reply - unless it's in promiscuous mode!


Best regards,
				Marc Heuse


This message and any statements expressed therein are those of myself
and not of the Deutsche Bank AG or its subsidiary companies.
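
The wrong-Ethernet-address check described in this message, as an added Python simulation that is not part of the original post: it builds the probe frame (ICMP echo request to the target's IP, sent to a MAC no station owns) and runs it against a modelled NIC filter. The `Host` model, `classify`, `BOGUS_MAC` and all addresses are constructed for illustration, and the model assumes the target's IP stack does not re-check the destination MAC.

```python
import struct

BROADCAST = b"\xff" * 6
BOGUS_MAC = bytes.fromhex("02deadbeef01")  # constructed; owned by no station

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (the caller passes even-length data)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(dst_mac, src_mac, src_ip, target_ip):
    """Ethernet + IPv4 + ICMP echo request for target_ip, sent to dst_mac."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     64, 1, 0, src_ip, target_ip)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + icmp

class Host:
    """Simulated station: NIC address filter in front of an optional IP stack."""
    def __init__(self, mac, ip, promiscuous=False, has_ip_stack=True):
        self.mac, self.ip = mac, ip
        self.promiscuous, self.has_ip_stack = promiscuous, has_ip_stack

    def replies_to(self, frame: bytes) -> bool:
        # NIC filter: only own address or broadcast passes, unless promiscuous.
        if not self.promiscuous and frame[:6] not in (self.mac, BROADCAST):
            return False
        # A capture-only device sees the frame but has no stack to answer.
        if not self.has_ip_stack:
            return False
        # Assumption: the stack does not re-check the destination MAC.
        return (frame[12:14] == b"\x08\x00" and frame[23] == 1
                and frame[30:34] == self.ip and frame[34] == 8)

def classify(host, my_mac, my_ip):
    """Control probe to the real MAC first, then the wrong-MAC probe."""
    if not host.replies_to(build_probe(host.mac, my_mac, my_ip, host.ip)):
        return "no answer to control probe"
    if host.replies_to(build_probe(BOGUS_MAC, my_mac, my_ip, host.ip)):
        return "promiscuous"
    return "not detected"
```

The control probe separates "filtered by the NIC" from "never answers at all", which is the passive-sniffer case raised in the quoted reply: such a device yields no verdict either way.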



