
Thread: Article: Stealthful Sniffing, Intrusion Detection and Logging

  1. #11
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Sceptre, this thread is >3 years old...

    It was funny, I read what I wrote, and was confused: "I didn't post to this thread... oh, 2002..."
    [HvC]Terr: L33T Technical Proficiency

  2. #12
    Junior Member
    Join Date
    Jan 2007
    Posts
    2
    HA, lol...

    I used to be a member on here back then and when I found the article on askApache and did a Google search about it, this thread popped up... so I thought, I definitely need to rejoin.

    You know snort still uses this exact method to capture packets... it's still a very effective method for sniffing.

  3. #13
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    The title of this thread dates it. The focus on packet sniffing and such has long since passed, being replaced with nice things like regulatory compliance and botnets.

    Slarty's responses are all accurate though.

    AFAIK, promiscuous mode checkers only work with machines whose IP addresses are known, or which can be reached by broadcast. A stealthed machine has NO IP address and does not respond to ANY packet.
    I can confirm this in case no one else did.

    Also, switches aren't going to cache MAC addresses from a stealth unit simply because it won't be aware of an IP and/or ARP response/request from said device.

    Old skool stuff is fun to read from time to time.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #14
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    That's really cool, and convenient. That's what I'm working on in my server at school, an IDS box with snort on it. My CS prof. has no idea what's going on with his network and he asked me if I could do any sniffing for him; rather than just sniff whenever I'm in there I decided to set up a snort box for him on FC5. I have two interfaces running, one to log and one to be an interface to monitor. I'll definitely have to consider taking off the IP of the monitoring NIC and stealthing it. Cool article and thread.
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
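
A check for the two-NIC sensor setup described in the last post (a monitoring interface with no IP), as an added example that is not part of the thread: it parses Linux `ip -j addr show` output and reports anything that would let the sniffing NIC announce itself. The interface names and the sample JSON are constructed, and treating enabled ARP as a finding is this example's own stricter choice.

```python
import json

# Constructed sample of `ip -j addr show` output (not captured from a real host).
SAMPLE = json.dumps([
    {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.0.2.10", "prefixlen": 24}]},
    {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet6", "local": "fe80::1", "prefixlen": 64,
                    "scope": "link"}]},
    {"ifname": "eth2", "flags": ["BROADCAST", "NOARP", "UP", "LOWER_UP"],
     "addr_info": []},
])


def audit_monitor_nic(ip_json, ifname):
    """Return findings for the sniffing interface; an empty list means it is quiet."""
    for link in json.loads(ip_json):
        if link.get("ifname") == ifname:
            break
    else:
        return [f"{ifname}: interface not found"]

    findings = []
    flags = set(link.get("flags", []))
    if "UP" not in flags:
        findings.append(f"{ifname}: link is down, nothing will be captured")
    for addr in link.get("addr_info", []):
        family, local = addr.get("family"), addr.get("local")
        if family == "inet":
            findings.append(f"{ifname}: IPv4 address {local} is bound")
        elif family == "inet6":
            # A link-local address appears on its own when IPv6 is enabled,
            # even if nobody ever assigned an IPv4 address to the NIC.
            findings.append(f"{ifname}: IPv6 address {local} is bound")
    if "NOARP" not in flags:
        # Assumption of this example: require ARP to be switched off as well.
        findings.append(f"{ifname}: ARP is enabled (NOARP flag absent)")
    return findings


if __name__ == "__main__":
    for nic in ("eth0", "eth1", "eth2"):
        result = audit_monitor_nic(SAMPLE, nic)
        print(nic, "OK" if not result else result)
```

On a real sensor, feed it the output of `ip -j addr show` and the name of the capture interface; the logging interface is expected to fail the check because it keeps its address.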