Re: detecting sniffers is downright easy

Ronald Holland (holland@Telchar.Jpl.Nasa.Gov)
Wed, 10 May 1995 08:40:28 -0700 (PDT)

On Wed, 10 May 1995, Dr. Frederick B. Cohen wrote:

> All current (2) programs can be detected by comparing the OS programs
> with their original distribution versions using MD5 or a similar
> cryptographic checksum technique.  This has been widely published for
> over 5 years.
> 
> Thus, not only is detection of all Unix-based real-world sniffers not
> impossible or infeasible, it is downright easy and simple. 
> 

Correct me if I am wrong,  but the sniffers we have seen here do not 
modify any OS programs.  The OS program may have been trojaned as a 
separate attack to provide entry points,  but the sniffer itself does not 
modify anything (Other than putting /dev/nit into promiscuous mode on 
SunOS).

Assuming that you are correct,  all I have to do is get our 10,000 
machines to run tripwire and the 400 part-time system administrators to 
be observant...

easy.... simple.... I don't think so, Fred...

------------
Ron Holland                holland@telchar.jpl.nasa.gov
Communications, Computer & Network Services
JPL / NASA - Pasadena, CA

Visualize Whirled Peas... Ummmm.. Make that World Peace!
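Added example, not code from either correspondent: a minimal Tripwire-style baseline-and-compare check in Python, using SHA-256 rather than the MD5 the thread mentions, run over a constructed directory tree (the file names and contents below are made up for the demo). It exercises both halves of the exchange: a trojaned login or ps is a hash mismatch and is caught, while a sniffer that only opens the packet device and touches no file under the monitored tree produces an empty report.

```python
"""Tripwire-style file integrity baseline and comparison (added example).

Assumptions: the baseline is taken while the tree is known-good (in
practice from distribution media, stored off-host), and only regular
files are tracked. SHA-256 replaces the MD5 of the original thread.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative path) to hash, size and mode."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks/devices are out of scope for this demo
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose record changed, files added, and files removed."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: a fake system binary tree, then two kinds of tampering."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        sysbin = tmp / "usr" / "bin"
        sysbin.mkdir(parents=True)
        (sysbin / "login").write_bytes(b"\x7fELF original login\n")
        (sysbin / "ps").write_bytes(b"\x7fELF original ps\n")
        (sysbin / "ifconfig").write_bytes(b"\x7fELF original ifconfig\n")

        # Baseline recorded while the tree is trusted, serialized as Tripwire
        # would keep its database (here: a JSON file next to the tree).
        baseline_path = tmp / "baseline.json"
        baseline_path.write_text(json.dumps(build_baseline(sysbin), indent=1))
        baseline = json.loads(baseline_path.read_text())

        # Scenario 1: a sniffer is dropped into a scratch directory and only
        # opens the packet device. Nothing under the monitored tree changes,
        # so the integrity check has nothing to report.
        (tmp / "tmp").mkdir()
        (tmp / "tmp" / ".sniff").write_bytes(b"reads /dev/nit, logs to .log\n")
        results["sniffer_only"] = compare(baseline, build_baseline(sysbin))

        # Scenario 2: the intruder also trojans login for re-entry and
        # replaces ps to hide the sniffer process; both are hash mismatches,
        # and the stray copy left behind shows up as an added file.
        (sysbin / "login").write_bytes(b"\x7fELF login with backdoor password\n")
        (sysbin / "ps").write_bytes(b"\x7fELF ps that hides .sniff\n")
        (sysbin / "ls.orig").write_bytes(b"leftover copy\n")
        results["trojaned"] = compare(baseline, build_baseline(sysbin))
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The check is only as good as its baseline and its coverage: the baseline must come from a trusted copy, not from a host that may already be compromised, and a file-only check says nothing about an interface sitting in promiscuous mode, which is the gap Holland points at.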