Software... http://www.google.co.uk/search?biw=1077&hl=en&q=active+sniffer+MAC&meta= ________________________________ From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, June 27, 2005 3:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: is the latest ISA2000 security update a dud? http://www.ISAserver.org Software or hardware? I haven't see any software ones that will do that, but I might have missed it. ________________________________ From: David Farinic [mailto:davidf@xxxxxxx] Sent: Monday, June 27, 2005 09:22 To: [ISAserver.org Discussion List] Subject: [isalist] RE: is the latest ISA2000 security update a dud? http://www.ISAserver.org "...with the newer switches, a packet sniffer only catches broadcast traffic by default. They'd have to be able to hack into the switch itself and mak...." Passive sniffers YES active NO- and without hacking into switch. There are publicly available sniffers like that. DavidF ________________________________ From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, June 27, 2005 3:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: is the latest ISA2000 security update a dud? http://www.ISAserver.org That's quite possible, but not that simple. On an internal network, with the newer switches, a packet sniffer only catches broadcast traffic by default. They'd have to be able to hack into the switch itself and make the port they're plugged into a monitor port (where it gets ALL traffic) in order to capture that kind of traffic. Again, not saying it can't be done, they are several ways it "could" be done. But the average person that is going to be causing problems (saw a report that 86% of malicious hacking is done by disgruntled employees) isn't going to be able to figure out how to do it very easily. Of course, what you're describing is using someone else's network, so anything goes. Also, in public access locations like airports and such, you're far more likely to encounter a serious hacker. If we had information here that was really worth anything, I'd consider a password policy like that also. As it stands right now, only the people with administrative privileges have a harsher password policy. The rest are still having a really hard time with a five-letter minimum and not being able to use the same password twice in a row. However, they discovered that if they keep switching back and forth between two passwords it would work, so I might have to change it. This mail was checked for viruses by GFI MailSecurity. GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), and network security and management software (GFI LANguard) - www.gfi.com