Re: Detecting a sniffer

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: der Mouse: "Re: sniffers"
• Previous message: Julian Assange: "Re: Detecting a sniffer"
• In reply to: Bennett Todd: "Re: Detecting a sniffer"
• Next in thread: Dave Horsfall: "Re: Detecting a sniffer"

> 
> >Of course you can detect a sniffer, but are you willing to pay the cost
> >of doing so? 
> 
> You can't "detect a sniffer" from looking at the net; the only way you can
> try is to identify specific software indications of one being run on your
> machine. If it's run on a different machine, on one you can't check (perhaps
> on a palmtop someone has plugged into the net), then you can't detect it at
> all. Even if it's being run on your server, you can detect it if the author
> of the sniffer didn't know about, and defeat, the particular detection
> mechanism you use.

Incorrect - you can detect a sniffer - but it's not cheap.

-- 
-----------------
\Management  /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
 \        /\/   | Check out info-security heaven and test your system
  \/\  /\/      | for known vulnerabilities (1st time for free) at URL:
     \/Analytics| (scans deeper than SATAN or ISS)  http://all.net:8080
-----------------
   Read "Protection and Security on the Information Superhighway"
   John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95

• Next message: der Mouse: "Re: sniffers"
• Previous message: Julian Assange: "Re: Detecting a sniffer"
• In reply to: Bennett Todd: "Re: Detecting a sniffer"
• Next in thread: Dave Horsfall: "Re: Detecting a sniffer"