sniffer/promisc detector

Precisely. Don't count on security through obscurity -- there are
targeted attacks, if nothing else -- but *after* you've taken all due
precautions against a knowledgeable adversary, throwing in some
obscurity can help, too. (Want a worked example? Ask the NSA to
publish the algorithm for one of their top secret encryption

But there's another major caveat: this sort of obscurity doesn't scale
very well. It's fine to put ssh on another port if you have a
relatively small community of reasonably sophisticated users who can
cope, or if you can hand out canned configurations to less
sophisticated users. But you couldn't easily put SMTP elsewhere, or no
one could find you. You'd also have support problems with your user
base if you tried doing that as an anti-relay technique.

Obscurity works in small, closed communities. Beyond that, operational
considerations can kill you.

    --Steve Bellovin,