[prev in list] [next in list] [prev in thread] [next in thread] 

List:       suse-linux-uk-schools
Subject:    RE: [suse-linux-uk-schools] Detecting packet sniffers
From:       Simon Wood <Simon.Wood () pace ! co ! uk>
Date:       2001-06-29 8:22:17
[Download RAW message or body]

Just a couple of things to note/think about.

1). Packet sniffers will be undetectable if done 'properly' (i.e. external
network interface with TX wires cut).

2). If you can afford it, you're probably best using switches rather than
hubs. These mean that the info wanted to be sniffed is not present on 
all strands of the network. This of course will improve you network's
performance as a side-effect ;-)

3). Attempt to remove the value of sniffing data by using encrypted 
communications were possible, such as ssh rather than telnet.

4). There is some value (for sniffers) to not go into promiscuous mode and
just sniff packets for the 'local' machine.

Simon Wood


[prev in list] [next in list] [prev in thread] [next in thread]