>
>The vast majority of real-world sniffers reported to date are software
>sniffers of one of two varieties:
>
>	1 - DOS programs using the network interface in promiscuous mode.
>	2 - Unix programs modifying OS software to observe packets.
>
>The total number of (1) programs in widespread use comes to only 10-20
>and is certainly under 100. Current virus scanning technology makes
>detection of these cases trivial by simply adding patterns for them into

This is quite strange! I've never heard of a trojan horse or virus-like
sniffer! People just run the sniffer software.

>your existing virus scanning software. HOWEVER - since bugtraq is ONLY
>concerned with Unix security holes, this is not relevant to this list
>and should be taken elsewhere.
>
>All current (2) programs can be detected by comparing the OS programs
>with their original distribution versions using MD5 or a similar
>cryptographic checksum technique. This has been widely published for
>over 5 years.

Again, sniffer programs on unix don't modify system software, they just
run. I think you're confused here.

>
>Thus, not only is detection of all Unix-based real-world sniffers not
>impossible or infeasible, it is downright easy and simple.

It can be, but not the way you're talking about. And the original poster
of the thread asked how you can tell if a sniffer is running on your
network, not how to tell if your system software has been modified. This
is quite out there for one of your posts, you usually have better
knowledge of the field. Makes me wonder if someone didn't forge mail from
you, but looking at the headers everything seems ok. Methinks you should
just drop this thread, the longer it goes the stranger you look.

Patrick
 _______________________________________________________________________
/ These opinions are mine, and not Amdahl's (except by coincidence;).   \
|                                                       (\              |
| Patrick J. Horgan         Amdahl Corporation           \\    Have     |
| patrick@amdahl.com        1250 East Arques Avenue       \\  _ Sword   |
| Phone : (408)992-2779     P.O. Box 3470 M/S 316          \\/    Will  |
| FAX   : (408)773-0833     Sunnyvale, CA 94088-3470       _/\\  Travel |
\___________________________O16-2294________________________\)__________/