Re: Detecting a sniffer

Mark Owens (owens@xylan.com)
Tue, 2 May 95 00:50:46 PDT

>    >Of course you can detect a sniffer, but are you willing to pay the cost
>    >of doing so? 
>    
>    You can't "detect a sniffer" from looking at the net; the only way you can
>    try is to identify specific software indications of one being run on your
>    machine. If it's run on a different machine, on one you can't check (perhaps
>    on a palmtop someone has plugged into the net), then you can't detect it at
>    all. Even if it's being run on your server, you can detect it if the author
>    of the sniffer didn't know about, and defeat, the particular detection
>    mechanism you use.

During my work in 'secure' installations, we used fiber media to prevent
the 'sniffing' of packets using inductive pickup. This kind of 'sniffer'
can't be detected easily - 'cept by seeing it (antennas and wires running
next to your cable, where they don't belong, are a give-away).

We also used OTDRs to look for splices in the fiber.


\mgo