[ILUG] "Ghost Sniffer"
rew at iol.ie
Sun Mar 11 01:49:06 GMT 2001
At 01:40 11/03/2001 +0000, Paul Jakma wrote:
>On Sat, 10 Mar 2001, Andrew Betson wrote:
> > Anyone know about this...?
>he's right... the sniffer is invisible. course the box isn't, unless
>setup to do bridging.
>the only clue is if the network card is in promiscious mode, then an
>attacker could maybe be clued in by the box being a little bit slow
>with network replies, and perhaps getting slower as the box gets
>but exactly how slow is dependent on the CPU of the box, the OS, the
>NIC, how many services run on it and how loaded they are, how fast
>the disks are, etc.. etc. that it would be impossible to tell what
>level of slow == promiscious+sniffer unless the attacker knew the box
>for a DSL line where you have effectively a point to point
>connection, you don't need to run your sniffer in promiscious mode.
This was the only reply the post got
> The trick is to use an old AUI card with a UTP converter. These items
> have gotten scarce. You cut the Tx on the board side of the AUI connector
> and let the UTP converter do the link to the hub. Note: this only works
> for 10meg ckts.
Interesting hack on the card.......
More information about the ILUG