[ILUG] "Ghost Sniffer"
Paul Jakma
paul at jakma.org
Sun Mar 11 01:40:54 GMT 2001
On Sat, 10 Mar 2001, Andrew Betson wrote:
> Anyone know about this...?
he's right... the sniffer is invisible. course the box isn't, unless
setup to do bridging.
the only clue is if the network card is in promiscious mode, then an
attacker could maybe be clued in by the box being a little bit slow
with network replies, and perhaps getting slower as the box gets
busier.
but exactly how slow is dependent on the CPU of the box, the OS, the
NIC, how many services run on it and how loaded they are, how fast
the disks are, etc.. etc. that it would be impossible to tell what
level of slow == promiscious+sniffer unless the attacker knew the box
intimately already.
for a DSL line where you have effectively a point to point
connection, you don't need to run your sniffer in promiscious mode.
(for everything above: i think - pooh will surely jump on me if i'm
wrong)
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
-------------------------------------------
Fortune:
My folks didn't come over on the Mayflower, but they were there to meet
the boat.
More information about the ILUG
mailing list