Sniffer detectors for Linux?
Derek D. Martin
ddm+gnhlug at pizzashack.org
Thu Sep 19 15:44:36 EDT 2002
At some point hitherto, Thomas Charron hath spake thusly:
> Quoting "Derek D. Martin" <ddm+gnhlug at pizzashack.org>:
> > > Hmmm. Valid point. I know a fair bit about low-level ethernet stuff,
> > > so: wouldn't it be possible to set up a MAC:IP table of some sort?
> > To what end? Suppose the sniffer doesn't configure an IP address?
>
> Then you'd probably have your culprit. ;-)
Possibly, but all it really means is that there'd be an unconfigured
NIC on the wire. There could be any number of those, for various
reasons...
Plus, if this were someone who were serious about sniffing, and not
getting caught, they could cut their send pin off the card, and you'd
never see their MAC.
What's the point? The point is detecting sniffers is not impossible,
but it's far from reliable.
--
Derek Martin ddm at pizzashack.org
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
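
An added example (not part of the original message or thread): a passive MAC:IP table of the kind discussed above, built from raw Ethernet frames. The frames, MAC addresses and IP addresses are constructed, and the helper names are hypothetical; a receive-only NIC sends nothing, so it never shows up in the table at all.

```python
import struct
from collections import defaultdict

ETH_IPV4, ETH_ARP, ETH_LLDP = 0x0800, 0x0806, 0x88CC

def observe(frame):
    """Return (source MAC, source IP or None) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload, ip = frame[14:], None
    if ethertype == ETH_ARP and len(payload) >= 28:
        ip = payload[14:18]            # ARP sender protocol address
    elif ethertype == ETH_IPV4 and len(payload) >= 20:
        ip = payload[12:16]            # IPv4 source address
    if ip is None or ip == bytes(4):   # 0.0.0.0 (DHCP discover, ARP probe) is no binding
        return mac, None
    return mac, ".".join(str(b) for b in ip)

def build_table(frames):
    """MAC -> set of IPs it was seen using; a MAC with no IP maps to an empty set."""
    table = defaultdict(set)
    for frame in frames:
        mac, ip = observe(frame)
        ips = table[mac]               # record the MAC even when no IP was seen
        if ip:
            ips.add(ip)
    return dict(table)

def macs_without_ip(table):
    return sorted(mac for mac, ips in table.items() if not ips)

def eth(src_hex, ethertype, payload):
    """Constructed test frame, sent to the broadcast address."""
    return b"\xff" * 6 + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload

# Constructed sample traffic (not from the thread). A third NIC, 02:00:00:00:00:03,
# is assumed to be on the wire receive-only and therefore contributes no frames.
ARP_FROM_A = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1) + bytes.fromhex("020000000001") \
    + bytes([192, 0, 2, 10]) + bytes(6) + bytes([192, 0, 2, 1])
IPV4_FROM_A = b"\x45" + bytes(11) + bytes([192, 0, 2, 10]) + bytes([192, 0, 2, 1])
SAMPLE_FRAMES = [
    eth("020000000001", ETH_ARP, ARP_FROM_A),
    eth("020000000001", ETH_IPV4, IPV4_FROM_A),
    eth("020000000002", ETH_LLDP, bytes(8)),   # transmits, but never with an IP
]

if __name__ == "__main__":
    table = build_table(SAMPLE_FRAMES)
    print(table, macs_without_ip(table))
```

The MAC flagged as having no IP is only an unconfigured NIC that happens to transmit; the table says nothing about a card that stays silent.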