|
From what I understood, they are searching the ethernet segment for cards that are in promiscuess mode. Eg: cards that receive ALL traffic...not just what is being sent to that card. If the card is not in promiscues mode, then it wont see all of the traffic. If it doesn't see all of the trafic, then it can't "sniff". Doesn't have much to do with the sophistication of the sniffer program. Unless you are actualy going direct to the hardware...perhaps then, you could fool it. But that would be a LOT of work. BTW, this only looks at stuff on your local network....not the rest of the Internet. Bob -----Original Message----- From: Jim Langston [SMTP:jlangston@conexfreight.com] Sent: Wednesday, September 22, 1999 1:34 PM To: MIDRANGE-L@midrange.com Subject: Re: AS/400 on alt.hacker Reading on the details, it seems that this program would work from "standard" packet sniffers. That is, the ones written now. Could one be written to sniff and not be detected? Yes, I could think of two ways to do it, but both would take a little bit of knowledge. But I see how this would work on an unsophisticated packet sniffer program, which most are, it would seem. Regards, Jim Langston Jason Kleinemas wrote: > A packet sniffer it self is passive, but to sniff packets you network > interface card (NIC) has to be put into a promiscuous mode. Normally > your NIC is in passive mode, meaning it only accepts packets that are > for your computer. Putting the NIC in a promiscuous mode you get all the > packets that pass though that wire. Antisniff will query the NIC's in > the range you give it and tell you if their set promiscuous mode. > > Jim Langston wrote: > > > > Sounds surpassingly like a trojan to me. > > > > A packet sniffer is passive, isn't it? It just listens for all packets and then > > it translates them. I don't think it has to do anything on the network to do > > this, so I think it would be undetectable. > > > > Regards, > > > > Jim Langston > > > > Chuck Lewis wrote: > > > > > OK Mr. Tricky Guy :-) just kidding ! > > > > > > What about Antisniff at http://www.l0pht.com/ which says it can "detect > > > intruders who have installed "packet sniffers" on a network and are monitoring > > > network traffic" ??? > > > > > > Chuck > > > > > > Ed Davidson wrote: > > > > > > > You forget, these are computers. We can tell them to do something and leave > > > > them for days/months/years at a time to accomplish the task. > > > > > > > > You can have packet capture software capture what you specify. Do I want a > > > > password for JoeBlow? Tell the software to only capture packets with > > > > JoeBlow in them, and then capture all packets from/to JowBlows computer. > > > > Save the data to disk. When I come back to my computer, do a find over the > > > > packets for the word JoeBlow. You can kinda tell if the packet is a signon > > > > packet. If it is, the password is in the same packet just under the signon > > > > code. > > > > > > > > Specify just to capture packets going to a specific IP address, at port 20, > > > > 21, 25, and 110. Passwords are sent in the clear on these ports. > > > > > > > > The question isn't if you will be hacked, the question is will the hacker > > > > get in? My site gets about 44k hits a week, about 1000 unique visitors. > > > > Very small by internet standards. About every other day there is someone > > > > trying to do something to my internet server that they shouldn't. > > > > > > > > This information is available all over the internet. Anyone looking for a > > > > thrill can find it and cause damage to someone. > > > > > > > > +--- > > > > | This is the Midrange System Mailing List! > > > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > > > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > > > > | To unsubscribe from this list send email to MIDRANGE-L-UN SUB@midrange.com. > > > > | Questions should be directed to the list owner/operator: david@midrange.com > > > > +--- > > > > > > +--- > > > | This is the Midrange System Mailing List! > > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > > > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > > > | Questions should be directed to the list owner/operator: david@midrange.com > > > +--- > > > > +--- > > | This is the Midrange System Mailing List! > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > > | Questions should be directed to the list owner/operator: david@midrange.com > > +--- > > -- > Jason Kleinemas > > Programmer/Analyst > > Medcenter One > Information Services > 300 N 7th St. P.O. Box 5525 > Bismarck ND 58506-5525 USA > > ICQ #: 7834507 > Work: 701-323-6862 > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: david@midrange.com > +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.