Date: Fri, 20 Aug 2004 18:02:09 +0200 From: Geert Hendrickx <geert.hendrickx@ua.ac.be> To: Ruben de Groot <mail25@bzerk.org>, Kevin Stevens <freebsd@pursued-with.net>, Bill Moran <wmoran@potentialtech.com>, Remko Lodder <remko@elvandar.org>, freebsd-questions@freebsd.org Subject: Re: Is promiscuous mode bad? Message-ID: <20040820160208.GA50230@lori.mine.nu> In-Reply-To: <20040816122400.GA81160@ei.bzerk.org> References: <200408151429.05110.aaron@daltons.ca> <20040815170806.45fcb779.wmoran@potentialtech.com> <200408151603.26022.aaron@daltons.ca> <411FE2E9.1090704@elvandar.org> <20040815183205.66b753cd.wmoran@potentialtech.com> <688492D4-EF2F-11D8-9CD1-000A959CEE6A@pursued-with.net> <20040816122400.GA81160@ei.bzerk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 16, 2004 at 02:24:00PM +0200, Ruben de Groot wrote: > On Sun, Aug 15, 2004 at 07:53:10PM -0700, Kevin Stevens typed: > > > > A lot of network scanners also trigger on NICS in promiscuous mode > > (there's a way to detect them, I forget the details at the moment) > > because admins want to know if any hosts are out there sniffing. > > How sure are you about that? AFAIK there's no way to detect a NIC in > promiscuous mode *from the outside*. I would be very interested in a network > scanner that could. IIRC, Linux has/had a bug in it's network stack which could reveal promisc. mode to the outside. It would reply to all icmp-packets with the correct ip, whatever mac-adress used. So if you'd ping a Linux box twice, but with different mac-adresses, and it replies to both, you'd know it's set in promisc. mode. I don't know whether this applies to FreeBSD. GH > > Ruben > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040820160208.GA50230>