• Subject: Re: AS/400 on alt.hacker
  • From: Jim Langston <jlangston@xxxxxxxxxxxxxxxx>
  • Date: Wed, 22 Sep 1999 11:34:07 -0700
  • Organization: Conex Global Logistics Services, Inc.

Reading on the details, it seems that this program would work from
"standard" packet sniffers.  That is, the ones written now.

Could one be written to sniff and not be detected? Yes, I could think
of two ways to do it, but both would take a little bit of knowledge.

But I see how this would work on an unsophisticated packet sniffer program,
which most are, it would seem.

Regards,

Jim Langston

Jason Kleinemas wrote:

> A packet sniffer it self is passive, but to sniff packets you network
> interface card (NIC) has to be put into a promiscuous mode. Normally
> your NIC is in passive mode, meaning it only accepts packets that are
> for your computer. Putting the NIC in a promiscuous mode you get all the
> packets that pass though that wire. Antisniff will query the NIC's in
> the range you give it and tell you if their set promiscuous mode.
>
> Jim Langston wrote:
> >
> > Sounds surpassingly like a trojan to me.
> >
> > A packet sniffer is passive, isn't it?  It just listens for all packets and 
>then
> > it translates them.  I don't think it has to do anything on the network to 
>do
> > this, so I think it would be undetectable.
> >
> > Regards,
> >
> > Jim Langston
> >
> > Chuck Lewis wrote:
> >
> > > OK Mr. Tricky Guy :-) just kidding !
> > >
> > > What about Antisniff at  http://www.l0pht.com/ which says it can "detect
> > > intruders who have installed "packet sniffers" on a network and are 
>monitoring
> > > network traffic" ???
> > >
> > > Chuck
> > >
> > > Ed Davidson wrote:
> > >
> > > > You forget, these are computers.  We can tell them to do something and 
>leave
> > > > them for days/months/years at a time to accomplish the task.
> > > >
> > > > You can have packet capture software capture what you specify.  Do I 
>want a
> > > > password for JoeBlow?  Tell the software to only capture packets with
> > > > JoeBlow in them, and then capture all packets from/to JowBlows computer.
> > > > Save the data to disk.  When I come back to my computer, do a find over 
>the
> > > > packets for the word JoeBlow.  You can kinda tell if the packet is a 
>signon
> > > > packet.   If it is, the password is in the same packet just under the 
>signon
> > > > code.
> > > >
> > > > Specify just to capture packets going to a specific IP address, at port 
>20,
> > > > 21, 25, and 110.  Passwords are sent in the clear on these ports.
> > > >
> > > > The question isn't if you will be hacked, the question is will the 
>hacker
> > > > get in?   My site gets about 44k hits a week, about 1000 unique 
>visitors.
> > > > Very small by internet standards.  About every other day there is 
>someone
> > > > trying to do something to my internet server that they shouldn't.
> > > >
> > > > This information is available all over the internet.  Anyone looking 
>for a
> > > > thrill can find it and cause damage to someone.
> > > >
> > > > +---
> > > > | This is the Midrange System Mailing List!
> > > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > > > | To unsubscribe from this list send email to 
>MIDRANGE-L-UNSUB@midrange.com.
> > > > | Questions should be directed to the list owner/operator: 
>david@midrange.com
> > > > +---
> > >
> > > +---
> > > | This is the Midrange System Mailing List!
> > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > > | To unsubscribe from this list send email to 
>MIDRANGE-L-UNSUB@midrange.com.
> > > | Questions should be directed to the list owner/operator: 
>david@midrange.com
> > > +---
> >
> > +---
> > | This is the Midrange System Mailing List!
> > | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator: 
>david@midrange.com
> > +---
>
> --
> Jason Kleinemas
>
> Programmer/Analyst
>
> Medcenter One
> Information Services
> 300 N 7th St. P.O. Box 5525
> Bismarck ND 58506-5525  USA
>
> ICQ #: 7834507
>  Work: 701-323-6862
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.