Sniffers (Passive Attacks)

  • Passively watches for the TCP 3-way handshake
  • Vulnerable services include telnet, ftp, rlogin, IMAP, POP ...
  • Logs N packets, or until FIN, RST, or timeout
  • Stuffs everything into a log file
  • Newer sniffers unlink themselves, unlink their log files, and send logged data to collectors in ICMP packets
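
The last bullet leaves a trace a defender can check for: a process that is still running after its binary or its open log file has been unlinked. The sketch below is an added example, not part of the original slide; it assumes a Linux-style /proc where the kernel appends " (deleted)" to such link targets, and the fixture paths and PIDs are constructed.

```python
import os

DELETED = " (deleted)"  # suffix Linux appends to the link target of an unlinked file

def scan_proc(proc_root="/proc"):
    """Return (pid, where, target) for each unlinked executable or open file."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # not a process directory
        links = [("exe", os.path.join(proc_root, entry, "exe"))]
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            links += [("fd " + fd, os.path.join(fd_dir, fd))
                      for fd in sorted(os.listdir(fd_dir))]
        except OSError:
            pass  # process exited or we lack permission
        for where, link in links:
            try:
                target = os.readlink(link)
            except OSError:
                continue  # kernel thread, race with exit, or no permission
            # Path-backed objects only: skips socket:[..], pipe:[..], anon_inode:..
            if target.startswith("/") and target.endswith(DELETED):
                findings.append((int(entry), where, target))
    return findings

def build_sample_proc(root):
    """Constructed fixture: PID 101 is ordinary, PID 202 mimics the slide's sniffer."""
    sample = {
        "101": {"exe": "/usr/sbin/sshd", "fd/0": "/dev/null"},
        "202": {"exe": "/tmp/.x/sniff" + DELETED,
                "fd/3": "/tmp/.x/tcp.log" + DELETED,
                "fd/4": "socket:[12345]"},
    }
    for pid, links in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        for name, target in links.items():
            os.symlink(target, os.path.join(root, pid, name))

if __name__ == "__main__":
    if os.path.isdir("/proc"):
        for pid, where, target in scan_proc():
            print(pid, where, target)
```

Hits are triage leads rather than verdicts: ordinary programs also hold unlinked temporary files, and a process whose package was upgraded underneath it shows a deleted executable too.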


Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Thu Dec 9 21:03:56 PST 1999