Re: AS/400 on alt.hacker -- MIDRANGE-L

A packet sniffer it self is passive, but to sniff packets you network
interface card (NIC) has to be put into a promiscuous mode. Normally
your NIC is in passive mode, meaning it only accepts packets that are
for your computer. Putting the NIC in a promiscuous mode you get all the
packets that pass though that wire. Antisniff will query the NIC's in
the range you give it and tell you if their set promiscuous mode.

Jim Langston wrote:
> 
> Sounds surpassingly like a trojan to me.
> 
> A packet sniffer is passive, isn't it?  It just listens for all packets and 
>then
> it translates them.  I don't think it has to do anything on the network to do
> this, so I think it would be undetectable.
> 
> Regards,
> 
> Jim Langston
> 
> Chuck Lewis wrote:
> 
> > OK Mr. Tricky Guy :-) just kidding !
> >
> > What about Antisniff at  http://www.l0pht.com/ which says it can "detect
> > intruders who have installed "packet sniffers" on a network and are 
>monitoring
> > network traffic" ???
> >
> > Chuck
> >
> > Ed Davidson wrote:
> >
> > > You forget, these are computers.  We can tell them to do something and 
>leave
> > > them for days/months/years at a time to accomplish the task.
> > >
> > > You can have packet capture software capture what you specify.  Do I want 
>a
> > > password for JoeBlow?  Tell the software to only capture packets with
> > > JoeBlow in them, and then capture all packets from/to JowBlows computer.
> > > Save the data to disk.  When I come back to my computer, do a find over 
>the
> > > packets for the word JoeBlow.  You can kinda tell if the packet is a 
>signon
> > > packet.   If it is, the password is in the same packet just under the 
>signon
> > > code.
> > >
> > > Specify just to capture packets going to a specific IP address, at port 
>20,
> > > 21, 25, and 110.  Passwords are sent in the clear on these ports.
> > >
> > > The question isn't if you will be hacked, the question is will the hacker
> > > get in?   My site gets about 44k hits a week, about 1000 unique visitors.
> > > Very small by internet standards.  About every other day there is someone
> > > trying to do something to my internet server that they shouldn't.
> > >
> > > This information is available all over the internet.  Anyone looking for a
> > > thrill can find it and cause damage to someone.
> > >
> > > +---
> > > | This is the Midrange System Mailing List!
> > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > > | To unsubscribe from this list send email to 
>MIDRANGE-L-UNSUB@midrange.com.
> > > | Questions should be directed to the list owner/operator: 
>david@midrange.com
> > > +---
> >
> > +---
> > | This is the Midrange System Mailing List!
> > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator: 
>david@midrange.com
> > +---
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

-- 
Jason Kleinemas 

Programmer/Analyst

Medcenter One 
Information Services
300 N 7th St. P.O. Box 5525
Bismarck ND 58506-5525  USA

ICQ #: 7834507
 Work: 701-323-6862
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---