> > >Of course you can detect a sniffer, but are you willing to pay the cost > >of doing so? > > You can't "detect a sniffer" from looking at the net; the only way you can > try is to identify specific software indications of one being run on your > machine. If it's run on a different machine, on one you can't check (perhaps > on a palmtop someone has plugged into the net), then you can't detect it at > all. Even if it's being run on your server, you can detect it if the author > of the sniffer didn't know about, and defeat, the particular detection > mechanism you use. Incorrect - you can detect a sniffer - but it's not cheap. -- ----------------- \Management /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236 \ /\/ | Check out info-security heaven and test your system \/\ /\/ | for known vulnerabilities (1st time for free) at URL: \/Analytics| (scans deeper than SATAN or ISS) http://all.net:8080 ----------------- Read "Protection and Security on the Information Superhighway" John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95