> JOO>> > Today I tried for the first time a Sniffer (sniffit) and I was amazed to
> JOO>> > see what it can do to our privecy :-(
> JOO>> > Is there a way to make Alarm when someone try to sniff my Net / Users ?
> JOO>>
> JOO>> I don't think so. The key is to use encrypted communications
> JOO>> when ever possible. You can't catch them because they don't
>
> In fact, there are a way to detect that your interface is in promiscous
> mode (needed for sniffing other machines). Search bugtraq archives for
> more, I don't remember exactly where it is. And about local machine - if
> anyone got to run sniffer there, you have much bigger trouble, since
> sniffers are run as root ;) But there's much simpler way t detect it -
> just looking on ifconfig output should suffice.
>
Yes, but with a lap top loaded with a sniffer connected to your network their is
really no way to detect this, or to secure the system the attacker is using because
its not necessarily even one of your companies systems. Plus this has become very
easy, and cheap with Linux (not that that was anybody's intent). A couple boot
disks with the right software, and you can hijack someone's machine fairly easily
for use other than its proper use. Really the only thing that comes close to
prevent sniffer's from achieving their goal in an attacker's hands is encrypted
communications, or as you said:
>
> And then - use ssh instead of telnet, and if you are paranoid - scp
> instead of ftp, et cetera.
...james
