From owner-freebsd-security Mon Jul 28 17:34:33 1997
To: "Nicole H."
cc: Robert Watson, Vincent Poy, "[Mario1-]", JbHunt, security@FreeBSD.ORG, Tomasz Dudziak
From: "Gary Palmer"
Subject: Re: security hole in FreeBSD
In-reply-to: Your message of "Mon, 28 Jul 1997 02:22:24 -0800."
Date: Mon, 28 Jul 1997 20:34:09 -0400
Message-ID: <6954.870136449@orion.webspan.net>
Sender: owner-freebsd-security@FreeBSD.ORG

"Nicole H." wrote in message ID :
> Does anyone know of a good way to detect people "sniffing" on the
> network? IE a program that will detect a machine running in
> promiscuous mode?

There is no way to detect that from outside the machine ... after all,
it's just listening to all the packets that go past. FreeBSD 2.2 and
later log a message to console when an interface goes into promiscuous
mode.

The *REAL* answer is to remove BPF from all machines, and make sure
they stay removed.

Gary
--
Gary Palmer                                   FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
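
The on-host check the message points to can be scripted. The following is an added example, not part of the original message or of FreeBSD itself: it replays kernel log lines to find interfaces whose last logged state is promiscuous, and cross-checks the PROMISC flag in `ifconfig -a` output. The log line format (`<ifname>: promiscuous mode enabled|disabled`), the host name and all sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: local promiscuous-mode checks for a host you administer.
# Assumed kernel log format: "<ifname>: promiscuous mode enabled|disabled".

# Read syslog text on stdin; print interfaces whose LAST logged state is "enabled".
promisc_from_log() {
    awk '
        /: promiscuous mode (enabled|disabled)/ {
            for (i = 2; i <= NF; i++)
                if ($i == "promiscuous") {
                    ifname = $(i - 1); sub(/:$/, "", ifname)
                    state[ifname] = $(i + 2)   # later lines overwrite earlier ones
                }
        }
        END { for (n in state) if (state[n] == "enabled") print n }
    ' | sort
}

# Read `ifconfig -a` output on stdin; print interfaces with PROMISC in their flags.
# This catches cases where the log line was rotated away or never written.
promisc_from_ifconfig() {
    awk '/^[a-z0-9]+: flags=[0-9a-f]+<[^>]*PROMISC/ { sub(/:$/, "", $1); print $1 }' | sort
}

# Constructed sample input (not real captures).
SAMPLE_LOG='Jul 28 17:30:01 host /kernel: de0: promiscuous mode enabled
Jul 28 17:31:10 host /kernel: ed0: promiscuous mode enabled
Jul 28 17:35:42 host /kernel: de0: promiscuous mode disabled'

SAMPLE_IFCONFIG='de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384'

echo "log says promiscuous:      $(printf '%s\n' "$SAMPLE_LOG" | promisc_from_log)"
echo "ifconfig says promiscuous: $(printf '%s\n' "$SAMPLE_IFCONFIG" | promisc_from_ifconfig)"
```

On a live host, feed the functions real data instead, for example `promisc_from_log < /var/log/messages` and `ifconfig -a | promisc_from_ifconfig`; the log path is an assumption about the local syslog configuration.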