<snip>
/*
 -----------------------------------------
 Network Promiscuous Ethernet Detector.
 Linux 2.0.x / 2.1.x, libc5 & GlibC
 -----------------------------------------
 (c) 1998 savageat_private
 -----------------------------------------
 Scan your subnet, and detect promiscuous linuxes.
 It really works, not a joke.
 -----------------------------------------
 [ http://www.rootshell.com/ ]
<snip>

This nifty program was released on rootshell a few days ago. I'm surprised
it hasn't got more play on bugtraq yet. Using the ARP protocol, it is
apparently possible to tell which machines on a subnet are sniffing.
Without going into the details of how exactly this detector works (mainly
because I'm not quite sure myself) it is possible to defeat the detector by
having your machine be shown as a false negative.

<Hax0r> # /sbin/ifconfig eth0 -arp
<Hax0r> # ./evilsniffer -i eth0

Now the interface will not respond to ARP queries, thus no detection. Not
responding to ARP requests is suspicious but the fact remains that you
can't be sure whether or not someone is sniffing. Additionally, this
program apparently will not detect sniffers on your own machine, but if
that is the case you have bigger problems anyway.

Seth M. McGann / smmat_private        "Security is making it
http://www.wpi.edu/~smm                to the bathroom in time."
KeyID: 2048/1024/E2501C80
Fingerprint 3344 DFA2 8E4A 977B 63A7 19E3 6AF7 4AE7 E250 1C80
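
A local check for the two interface states mentioned in the message above (ARP disabled with "-arp", and promiscuous mode), as an added example that is not part of the original post or of the detector it quotes. It assumes a Linux host with sysfs mounted; the function names are hypothetical and the sample flag values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report Ethernet interfaces
# that are promiscuous or have ARP disabled. Flag bits are from <linux/if.h>.
IFF_NOARP=128      # 0x80, set by "ifconfig eth0 -arp"
IFF_PROMISC=256    # 0x100, set while the interface is promiscuous
ARPHRD_ETHER=1     # value of /sys/class/net/<if>/type for Ethernet

# classify_flags HEX: print "PROMISC", "NOARP", "PROMISC NOARP" or "ok".
# Constructed samples: 0x1003 is UP|BROADCAST|MULTICAST, 0x1083 adds NOARP.
classify_flags() {
    flags=$(( $1 ))
    out=""
    if [ $(( flags & IFF_PROMISC )) -ne 0 ]; then out="PROMISC"; fi
    if [ $(( flags & IFF_NOARP )) -ne 0 ]; then out="${out:+$out }NOARP"; fi
    printf '%s\n' "${out:-ok}"
}

# audit_interfaces [DIR]: one line per Ethernet interface that is not "ok".
# DIR defaults to the Linux sysfs tree; the parameter exists so the check
# can also be run against a constructed directory. Non-Ethernet devices
# (loopback, tunnels) are skipped because NOARP is normal on many of them.
audit_interfaces() {
    dir=${1:-/sys/class/net}
    for ifdir in "$dir"/*; do
        [ -r "$ifdir/flags" ] && [ -r "$ifdir/type" ] || continue
        [ "$(cat "$ifdir/type")" = "$ARPHRD_ETHER" ] || continue
        state=$(classify_flags "$(cat "$ifdir/flags")")
        if [ "$state" != ok ]; then
            printf '%s: %s\n' "${ifdir##*/}" "$state"
        fi
    done
}

audit_interfaces "$@"
```

This only covers the host it runs on, which is the case the message says the network scanner does not handle.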