Date: Wed, 08 Sep 1999 21:53:14 -0700
From: Dean
Subject: Re: Layer 2 ethernet encryption?
To: freebsd-security@freebsd.org
Message-id: <4.1.19990908213955.009651a0@mail.thegrid.net>
In-reply-to: <37D61E69.58B806DF@aracnet.com>
References: <4.1.19990907190442.0096ada0@mail.thegrid.net>

At 01:29 AM 9/8/99 -0700, you wrote:
>The Mad Scientist wrote:
>
>> I do not claim to understand driver writing, but what about ripping out
>> the code that puts the NIC into promiscuous mode?
>
>I'm not a software hacker, so I couldn't tell you if that would work,
>but disabling that part of the driver might not be such a good idea.

NICs can function without these parts (AFAIK). When a card is in promiscuous mode, it simply passes everything it picks up to the application layer (tcpdump, snoop, nmap, etc). When it's not in promiscuous mode, there's a filter (for lack of a better word) that passes only those packets to the application layer. It's my understanding that promiscuous mode just bypasses that filter.

>> You would have to modify
>> the code that allows the driver to change its MAC address, probably. But
>> if you have good network monitors, you should be able to detect a machine
>> that is pretending to be someone else pretty quickly. It's not encryption,
>> but if you're blind, you can't read the written word. It doesn't solve
>> your EM problems either.
>
>If a NIC changed its MAC, it would lose connectivity.

Some drivers (some of those for AIX, e.g.) allow you to change the MAC address of a card. In fact, in a Sun box any extra NICs take on the MAC address of the one on the motherboard. (Which is a little beyond me, but it makes it easier to configure the auto-install servers at work.) Take the card to another machine and the MAC address changes. Now, I've read ahead, and I know that your network is routed by MAC address, so it probably would lose its connection. ^_^

>
>> 'Course, I guess any user with half a brain could go out and get the
>> original driver and put it in place -- this being an open source solution.
>> So, I guess it's not such a good idea after all.
>
>Integrity checks withstanding, such a modification would prevent the
>machine from connecting to the network.

One day we will all be this paranoid. (I hope)

-------------------------------------------------------------------------------
Staccato signals of constant information.
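
The receive filter discussed in the message above, as a simplified C model. This is an added example, not part of the original message and not FreeBSD driver code; the struct, the function names and the MAC addresses are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical model of a NIC's receive state (names are illustrative). */
struct nic_model {
    uint8_t station[ETH_ALEN];   /* currently programmed MAC address */
    uint8_t mcast[4][ETH_ALEN];  /* joined multicast groups */
    size_t  n_mcast;
    bool    promisc;             /* promiscuous mode: filter bypassed */
};

static const uint8_t ETH_BROADCAST[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Returns true if a frame with this destination MAC is passed up the stack. */
bool nic_accepts(const struct nic_model *nic, const uint8_t dst[ETH_ALEN])
{
    if (nic->promisc)
        return true;                                /* no filtering at all */
    if (memcmp(dst, nic->station, ETH_ALEN) == 0)
        return true;                                /* unicast addressed to us */
    if (memcmp(dst, ETH_BROADCAST, ETH_ALEN) == 0)
        return true;                                /* broadcast */
    if (dst[0] & 0x01)                              /* group (multicast) bit set */
        for (size_t i = 0; i < nic->n_mcast; i++)
            if (memcmp(dst, nic->mcast[i], ETH_ALEN) == 0)
                return true;                        /* a group we joined */
    return false;                                   /* someone else's traffic */
}

/* Reprogramming the station address changes which unicast frames match. */
void nic_set_station(struct nic_model *nic, const uint8_t mac[ETH_ALEN])
{
    memcpy(nic->station, mac, ETH_ALEN);
}

int main(void)
{
    struct nic_model nic = { .station = {0x02, 0, 0, 0, 0, 0x01} };  /* constructed MAC */
    const uint8_t other[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x02};        /* another host */
    printf("normal mode, frame for other host: %d\n", nic_accepts(&nic, other));
    nic.promisc = true;
    printf("promiscuous, frame for other host: %d\n", nic_accepts(&nic, other));
    return 0;
}
```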