Date: Wed, 08 Sep 1999 21:53:14 -0700
From: Dean <dean@thegrid.net>
To: freebsd-security@freebsd.org
Subject: Re: Layer 2 ethernet encryption?
Message-ID: <4.1.19990908213955.009651a0@mail.thegrid.net>
In-Reply-To: <37D61E69.58B806DF@aracnet.com>
References: <XFMail.990907105629.ks@osi.ru> <4.1.19990907190442.0096ada0@mail.thegrid.net>

At 01:29 AM 9/8/99 -0700, you wrote:
>The Mad Scientist wrote:
><snip>
>> I do not claim to understand driver writing, but what about ripping out
>> the code that puts the NIC into promiscuous mode?
>
>I'm not a software hacker, so I couldn't tell you if that would work,
>but disabling that part of the driver might not be such a good idea.

NICs can function without these parts (AFAIK). When a card is in promiscuous mode, it simply passes everything it picks up to the application layer (tcpdump, snoop, nmap, etc). When it's not in promiscuous mode, there's a filter (for lack of a better word) that passes only those packets to the application layer. It's my understanding that promiscuous mode just bypasses that filter.

>> You would have to modify
>> the code that allows the driver to change its MAC address, probably. But
>> if you have good network monitors, you should be able to detect a machine
>> that is pretending to be someone else pretty quickly. It's not encryption,
>> but if you're blind, you can't read the written word. It doesn't solve
>> your EM problems either.
>
>If a NIC changed its MAC, it would lose connectivity.

Some drivers (some of those for AIX, e.g.) allow you to change the mac address of a card. In fact, in a Sun box any extra NICs take on the mac address of the one on the motherboard. (Which is a little beyond me, but it makes it easier to configure the auto-install servers at work.) Take the card to another machine and the mac address changes. Now, I've read ahead, and I know that your network is routed by mac address, so it probably would lose its connection. ^_^

>
>> 'Course, I guess any user with half a brain could go out and get the
>> original driver and put it in place -- this being an open source solution.
>> So, I guess it's not such a good idea after all.
>
>Integrity checks withstanding, such a modification would prevent the
>machine from connecting to the network.

One day we will all be this paranoid. (I hope)

-------------------------------------------------------------------------------
Staccato signals of constant information.
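
The receive filter described in the message above, as a small model in C. This is an added example, not part of the original message and not code from any FreeBSD driver; `struct nic`, the function names and the sample addresses are hypothetical, and multicast filtering is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical model of a NIC receive filter; not taken from any real driver. */
struct nic {
    uint8_t mac[ETH_ALEN]; /* station address currently programmed */
    bool promisc;          /* true: the address filter is bypassed */
};

/* Constructed sample destinations (locally administered addresses). */
static const uint8_t OWN[ETH_ALEN]   = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t OTHER[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x02};
static const uint8_t BCAST[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Would a frame addressed to dst be handed up the stack? Multicast omitted. */
bool nic_accepts(const struct nic *n, const uint8_t *dst)
{
    if (n->promisc)
        return true; /* everything seen on the wire is passed up */
    if (memcmp(dst, BCAST, ETH_ALEN) == 0)
        return true; /* broadcast always passes the filter */
    return memcmp(dst, n->mac, ETH_ALEN) == 0; /* unicast to our address */
}

/* Frames delivered out of {OWN, OTHER, BCAST} for a NIC using address mac. */
int delivered(const uint8_t *mac, bool promisc)
{
    const uint8_t *wire[] = {OWN, OTHER, BCAST};
    struct nic n = {.promisc = promisc};
    int count = 0;

    memcpy(n.mac, mac, ETH_ALEN);
    for (size_t i = 0; i < sizeof wire / sizeof wire[0]; i++)
        count += nic_accepts(&n, wire[i]);
    return count;
}

int main(void)
{
    printf("normal: %d, promiscuous: %d\n",
           delivered(OWN, false), delivered(OWN, true));
    return 0;
}
```

With the filter active, only the frame addressed to the card and the broadcast frame reach the host; with it bypassed, the frame for the other station is delivered too.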