| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] sniffing network
I ran a check with an app called anasyl and this completely freaked out with
"sniffer found" alerts, and these are reported to be on users mahines
("normal users")
-----Original Message-----
From: Carl E. Mankinen [SMTP:[email protected]]
Sent: 11 December 2001 18:29
To: [email protected]
Subject: Re: [FW-1] sniffing network
Chances are these users are using YOUR DNS servers.
You could spoof a ping sweep over all your subnets from an address
like
10.10.10.10 or whatever.
Then grep your dns logs for anyone attempting reverse lookups on
that
address, lots of sniffers are left in mode where they try to resolve
IP's to hostnames as a feature.
Most legit sniffers will broadcast a sniffer active frame.
What led you to believe you have sniffers running outside of
administrative controls?
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On
> Behalf Of Michael Black
> Sent: Tuesday, December 11, 2001 8:40 AM
> To: [email protected]
> Subject: [FW-1] sniffing network
>
>
> Greetings all
>
> I have just started with a new company and to my horror
> discovered that the
> network has been infested with sniffers and probes.
> Conventual anti virus software does not detect these
> encoutered, any ideas
> how I could go about combating these bastards????
>
> I have been able to find out whre most of them are, but
> failed to get rid of
> them.
>
>
> PLZ HELP
> mika
>
>
>
**********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom
they
> are addressed. If you have received this email in error please
notify
> the system manager.
>
> This footnote also confirms that this email message has been swept
by
> MIMEsweeper for the presence of computer viruses.
>
www.mimesweeper.com
**********************************************************************
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================
|
|
