Firewalls: Re: Firewalls-Digest V7 #53

Firewalls
(February 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewalls-Digest V7 #53
From:	Stefan Schmidt <schmidts @ informatik . tu-muenchen . de>
Date:	Wed, 4 Feb 1998 14:45:54 +0100 (MET)
To:	Firewalls @ GreatCircle . COM
In-reply-to:	<199802040438 . UAA16847 @ honor . greatcircle . com>

Hi,

At 08:50 2/02/98 +0100, Marc Heuse wrote:

>I found a very easy way to detect a sniffing computer from remote.

you should have mentioned where you've read about this "send the echo
request to the wrong MAC address" trick and give proper credit.

Among other techniques it has been discussed in comp.security.unix 
beginning Oct 17th 1997 ("Finding a machine which is sniffing on the
network") and the "send the echo request to the wrong MAC address" idea
was brought up 19th Oct. The old articles of comp.security.unix can be
retrieved through www.dejanews.com's power search in the old database.

stefan

Indexed By Date	Previous:	RE: FW-1 and FIN scanning (was: nmap tool) From: Robert Ståhlbrand <robert . stahlbrand @ nmac . ericsson . se>
Indexed By Date	Next:	RE: FW-1 and FIN scanning (was: nmap tool) From: Robert Ståhlbrand <robert . stahlbrand @ nmac . ericsson . se>
Indexed By Thread	Previous:	firewall From: rdixon @ NCAnet . com (Randy Dixon)
Indexed By Thread	Next:	RE: Plaintext log files on firewall From: Emmanuel Tychon <manu @ acm . org>