Date: Wed, 24 May 2000 03:43:32 +0200 From: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> To: Mike Silbersack <silby@silby.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: BPF vs. promiscuous mode Message-ID: <4.1.20000524033815.00a76340@mail.rz.fh-wilhelmshaven.de> In-Reply-To: <Pine.BSF.4.21.0005232030020.19221-100000@achilles.silby.co m> References: <4.1.20000524031209.027cb820@mail.rz.fh-wilhelmshaven.de>
next in thread | previous in thread | raw e-mail | index | archive | help
>> I mean with fake adress that you pretend that your NIC had a differentz >> adress fro,m that stored in PROM. >> >> Say, your NIC had an adress of (fictional) 00:00:00:1e:3d:2a and you could >> make it appear to other boxes on the same network as say, >> 3e:2e:4b:3d:5c:00, in this case I'd like to know >> a) how this is done and >> b) how can it be detected > >Well, as one of those pesky students who has reprogramming his MAC address >on multiple occasions (so DHCP would give me the same IP when switching >NICs), I'm curious why that's a problem. Changing IPs doesn't really pose >any threat that I'm aware of, unless you're impersonating the gateway. >(Such attacks may be doable even without changing MAC addresses, >actually. I think impersonating the DHCP server would do - no packet >sniffing required!) > >However, that's really unimportant anyway; it sounds like you're using >regular hubs from your above statements. You should probably just get >cheap switches; any other countermeasures to prevent sniffers are just >going to take a lot of time, and not really be effective. Hi! Well, the IP assignment is not that problem. Fact is, that there are run some jobs that check if on some network segment is some card present that is in promiscuous mode and /or has its MAC adress changed, seen independently from the assigned (via DHCP) IP adress. (Of course, you might assign your IP adress manually). Are there some programs/techniques that do that? BSD or Linux, some program/trick/whatsoever that pretends(return to arp queries) a different MAC adress than stored on the ROM of the NIC. We have (due to costs) one cenral switch running (3com, IIRC), with about of twelve hubs attached, which hold altogether about 235 connections. Regards Olaf Hoyer -------- Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de FreeBSD- Turning PC's into workstations ICQ:22838075 Liebe und Hass sind nicht blind, aber geblendet vom Feuer, dass sie selber mit sich tragen. (Nietzsche) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.20000524033815.00a76340>