[unisog] Keyboard sniffers

Brandon Enright bmenrigh at ucsd.edu
Mon May 2 20:21:12 GMT 2005

Unfortunately the AT-PS/2 interface is a non-plug-n-play legacy interface so you
aren't going to be able to receive a signal notifying you of the device being
unplugged or plugged in.  One way to accomplish the detection would be to send
periodic commands to the keyboard and wait for the acknowledgement.

Something like "Set Typematic Rate/Delay" should do.

The following description of the spec should get you a long way towards writing
your own module:


Brandon Enright
UCSD ACS/Network Operations
bmenrigh at ucsd.edu

James J. Barlow wrote:
> Subject: [unisog] Keyboard sniffers
> We have all seen some of the recent news articles of security compromises
> at banks and such using hardware keyboard sniffers.  I was wondering if
> there were any programs or kernel modules (linux and/or windows) that detects
> when a keyboard is unplugged and will then log something to syslog or the
> system/security event viewer?
> Thanks in advance.
> --
> James J. Barlow   <jbarlow at ncsa.uiuc.edu>
> Head of Security Operations and Incident Response
> National Center for Supercomputing Applications    Voice : (217)244-6403
> 605 East Springfield Avenue   Champaign, IL 61820   Cell : (217)840-0601
> http://www.ncsa.uiuc.edu/~jbarlow                    Fax : (217)244-1987

More information about the unisog mailing list