• Subject: RE: AS/400 on alt.hacker
  • From: Bob Crothers <bob@xxxxxxxxxxxxxx>
  • Date: Wed, 22 Sep 1999 15:44:23 -0500
  • Organization: Cornerstone Communications, LLC

From what I understood, they are searching the ethernet segment for 
cards that are in promiscuess mode.  Eg: cards that receive ALL 
traffic...not just what is being sent to that card.

If the card is not in promiscues mode, then it wont see all of the 
traffic.  If it doesn't see all of the trafic, then it can't "sniff".

Doesn't have much to do with the sophistication of the sniffer 
program.  Unless you are actualy going direct to the 
hardware...perhaps then, you could fool it.  But that would be a LOT 
of work.

BTW, this only looks at stuff on your local network....not the rest of 
the Internet.

Bob

-----Original Message-----
From:   Jim Langston [SMTP:jlangston@conexfreight.com]
Sent:   Wednesday, September 22, 1999 1:34 PM
To:     MIDRANGE-L@midrange.com
Subject:        Re: AS/400 on alt.hacker

Reading on the details, it seems that this program would work from
"standard" packet sniffers.  That is, the ones written now.

Could one be written to sniff and not be detected? Yes, I could think
of two ways to do it, but both would take a little bit of knowledge.

But I see how this would work on an unsophisticated packet sniffer 
program,
which most are, it would seem.

Regards,

Jim Langston

Jason Kleinemas wrote:

> A packet sniffer it self is passive, but to sniff packets you 
network
> interface card (NIC) has to be put into a promiscuous mode. Normally
> your NIC is in passive mode, meaning it only accepts packets that 
are
> for your computer. Putting the NIC in a promiscuous mode you get all 
the
> packets that pass though that wire. Antisniff will query the NIC's 
in
> the range you give it and tell you if their set promiscuous mode.
>
> Jim Langston wrote:
> >
> > Sounds surpassingly like a trojan to me.
> >
> > A packet sniffer is passive, isn't it?  It just listens for all 
packets and then
> > it translates them.  I don't think it has to do anything on the 
network to do
> > this, so I think it would be undetectable.
> >
> > Regards,
> >
> > Jim Langston
> >
> > Chuck Lewis wrote:
> >
> > > OK Mr. Tricky Guy :-) just kidding !
> > >
> > > What about Antisniff at  http://www.l0pht.com/ which says it can 
"detect
> > > intruders who have installed "packet sniffers" on a network and 
are monitoring
> > > network traffic" ???
> > >
> > > Chuck
> > >
> > > Ed Davidson wrote:
> > >
> > > > You forget, these are computers.  We can tell them to do 
something and leave
> > > > them for days/months/years at a time to accomplish the task.
> > > >
> > > > You can have packet capture software capture what you specify. 
 Do I want a
> > > > password for JoeBlow?  Tell the software to only capture 
packets with
> > > > JoeBlow in them, and then capture all packets from/to JowBlows 
computer.
> > > > Save the data to disk.  When I come back to my computer, do a 
find over the
> > > > packets for the word JoeBlow.  You can kinda tell if the 
packet is a signon
> > > > packet.   If it is, the password is in the same packet just 
under the signon
> > > > code.
> > > >
> > > > Specify just to capture packets going to a specific IP 
address, at port 20,
> > > > 21, 25, and 110.  Passwords are sent in the clear on these 
ports.
> > > >
> > > > The question isn't if you will be hacked, the question is will 
the hacker
> > > > get in?   My site gets about 44k hits a week, about 1000 
unique visitors.
> > > > Very small by internet standards.  About every other day there 
is someone
> > > > trying to do something to my internet server that they 
shouldn't.
> > > >
> > > > This information is available all over the internet.  Anyone 
looking for a
> > > > thrill can find it and cause damage to someone.
> > > >
> > > > +---
> > > > | This is the Midrange System Mailing List!
> > > > | To submit a new message, send your mail to 
MIDRANGE-L@midrange.com.
> > > > | To subscribe to this list send email to 
MIDRANGE-L-SUB@midrange.com.
> > > > | To unsubscribe from this list send email to MIDRANGE-L-UN  
SUB@midrange.com.
> > > > | Questions should be directed to the list owner/operator: 
david@midrange.com
> > > > +---
> > >
> > > +---
> > > | This is the Midrange System Mailing List!
> > > | To submit a new message, send your mail to 
MIDRANGE-L@midrange.com.
> > > | To subscribe to this list send email to 
MIDRANGE-L-SUB@midrange.com.
> > > | To unsubscribe from this list send email to 
MIDRANGE-L-UNSUB@midrange.com.
> > > | Questions should be directed to the list owner/operator: 
david@midrange.com
> > > +---
> >
> > +---
> > | This is the Midrange System Mailing List!
> > | To submit a new message, send your mail to 
MIDRANGE-L@midrange.com.
> > | To subscribe to this list send email to 
MIDRANGE-L-SUB@midrange.com.
> > | To unsubscribe from this list send email to 
MIDRANGE-L-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator: 
david@midrange.com
> > +---
>
> --
> Jason Kleinemas
>
> Programmer/Analyst
>
> Medcenter One
> Information Services
> 300 N 7th St. P.O. Box 5525
> Bismarck ND 58506-5525  USA
>
> ICQ #: 7834507
>  Work: 701-323-6862
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to 
MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to 
MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to 
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: 
david@midrange.com
> +---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to 
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: 
david@midrange.com
+---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].