The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

.NET Buzz Forum
Detecting network sniffers

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Robert Hurlbut

Posts: 547
Nickname: rhurlbut
Registered: Mar, 2004

Robert Hurlbut is a Principal Consultant with Hurlbut Consulting
Detecting network sniffers Posted: Mar 16, 2005 1:56 PM
Reply to this message Reply

This post originated from an RSS feed registered with .NET Buzz by Robert Hurlbut.
Original Post: Detecting network sniffers
Feed Title: Robert Hurlbut's .Net Blog
Feed URL: http://www.asp.net/err404.htm?aspxerrorpath=/rhurlbut/Rss.aspx
Feed Description: Development with .Net, Rotor, Distributed Architectures, Security, Extreme Programming, and Databases 		Latest .NET Buzz Posts
Latest .NET Buzz Posts by Robert Hurlbut
Latest Posts From Robert Hurlbut's .Net Blog

Advertisement

Last night ended a series of talks I gave last week in a couple of locations. Last Wednesday, I enjoyed speaking to the Connecticut Access User Group on Security, and I had a great time this weekend delivering four talks at Code Camp III on Security and SQL Server 2005 topics. I was going to speak at the Rhode Island .NET Users Group on Thursday night, but it was postponed again (maybe I will get to speak there someday!).

I will talk more about Code Camp experiences in another post, but I wanted to post this quick follow-up to one of my most popular talks: Penetration Testing of ASP.NET Web Applications (it was so popular that we had to move from a smaller room we were originally in to a much larger room just to accomodate all the people -- and then it was standing room only in some spots!).

One question that was posed was how do you detect if a network sniffer is running on your network? I am not sure as I haven't set up any tools to do that, but a network person afterward indicated it is very, very difficult, if not impossible, to detect. I just noticed this post by Tim Rains (Microsoft) on just such a proposed tool:

Do you know whether your Windows system is sniffing network traffic off the network without your knowledge?  

 

This type of passive attack can be very difficult to detect.  There are numerous third party tools that try to detect network sniffers running on the network by looking for signs of systems with network interfaces running in “promiscuous mode.” Since many of these tools use network-based detection techniques that rely on bugs in operating systems and/or specific sniffer behavior, they can generate false positive and false negative results.

 

I have developed a tool that can detect managed Windows systems that have network interfaces running in promiscuous mode – a key indicator that a network sniffer is running on the system.  I use a host based detection technique instead of a network based detection technique in order to make this tool as accurate as possible.

This looks very interesting, and I am looking forward to testing the capabilities.

Read: Detecting network sniffers

Topic: Happy 7th Birthday Jonathan!! Previous Topic   Next Topic Topic: Microsoft acquires Groove Networks
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use