From owner-freebsd-net Tue May 23 22:16: 1 2000 Delivered-To: freebsd-net@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with SMTP id 8CC6B37BA33 for ; Tue, 23 May 2000 22:15:59 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 19776 invoked by uid 1000); 24 May 2000 05:15:55 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 24 May 2000 05:15:55 -0000 Date: Wed, 24 May 2000 00:15:55 -0500 (CDT) From: Mike Silbersack To: Olaf Hoyer Cc: freebsd-net@FreeBSD.ORG Subject: Re: BPF vs. promiscuous mode In-Reply-To: <4.1.20000524033815.00a76340@mail.rz.fh-wilhelmshaven.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 24 May 2000, Olaf Hoyer wrote: > Hi! > > Well, the IP assignment is not that problem. > > Fact is, that there are run some jobs that check if on some network segment > is some card present that is in promiscuous mode and /or has its MAC adress > changed, seen independently from the assigned (via DHCP) IP adress. (Of > course, you might assign your IP adress manually). > Are there some programs/techniques that do that? I'm sure there are programs which can detect such changes, I think someone mentioned arpwatch? > BSD or Linux, some program/trick/whatsoever that pretends(return to arp > queries) a different MAC adress than stored on the ROM of the NIC. Changing the MAC address of a NIC is extremely simple, it's easily done even in windows - don't single out students who run unix as troublemakers. > We have (due to costs) one cenral switch running (3com, IIRC), with about > of twelve hubs attached, which hold altogether about 235 connections. I guess the real issue is the question of if your network is configured in such a way that a student box could take the IP of one of your boxes (dns server, etc). If the only issue is students fooling with each other, I wouldn't worry too much about it, personally. Though logging as you mention above certainly can't hurt. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message