On Fri, 4 Oct 2002, Jeff Peterson wrote: > A good plan of action to detect if the person is being hacked might be this: > > 1. Insert a simple hub, (not a switch), between his pc and the usual > network connection. > > 2. Attach another PC to this hub, and collect packets using Ethereal. > (http://www.ethereal.com/). The hub will allow the sniffer to inspect all > packets to and from his machine. In a switched networkd ethereal + ettercap will do the same thing. (For those that believed a switched network was safe: Welcome to the real world ;-) Hugo. -- All email sent to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Oct 05 2002 - 15:20:32 PDT