From owner-freebsd-net Mon Feb 15 12:25:40 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA29741 for freebsd-net-outgoing; Mon, 15 Feb 1999 12:25:40 -0800 (PST) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA29729 for ; Mon, 15 Feb 1999 12:25:35 -0800 (PST) (envelope-from louie@whizzo.transsys.com) Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.9.2/8.9.1) with ESMTP id PAA74395; Mon, 15 Feb 1999 15:25:29 -0500 (EST) (envelope-from louie@whizzo.transsys.com) Message-Id: <199902152025.PAA74395@whizzo.transsys.com> X-Mailer: exmh version 2.0.2 2/24/98 To: Barney Wolff cc: freebsd-net@FreeBSD.ORG From: "Louis A. Mamakos" Subject: Re: Router stats & NIC in prom. mode... References: <36c877540.71db@databus.databus.com> In-reply-to: Your message of "Mon, 15 Feb 1999 14:31:00 EST." <36c877540.71db@databus.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 15 Feb 1999 15:25:29 -0500 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Send a packet to the IP of the suspect machine, with a "wrong" MAC. > If it answers, it's snooping. Not surefire, of course, but probably > works unless the bad guy has altered the net code. Clipping the xmit > lead is harder than it used to be. Hmm.. it's really unclear to me that this is a case worth trying to detect. You could just not give the network interface an IP address, and still use BPF on it. louie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message