From owner-freebsd-security Mon Jul 28 17:36:33 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id RAA17454 for security-outgoing; Mon, 28 Jul 1997 17:36:33 -0700 (PDT) Received: from mail.webspan.net (root@mail.webspan.net [206.154.70.7]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA17437 for ; Mon, 28 Jul 1997 17:36:29 -0700 (PDT) Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) by mail.webspan.net (WEBSPAN/970608) with ESMTP id UAA25707; Mon, 28 Jul 1997 20:36:28 -0400 (EDT) Received: from orion.webspan.net (localhost [127.0.0.1]) by orion.webspan.net (WEBSPAN/970608) with ESMTP id UAA08210; Mon, 28 Jul 1997 20:36:27 -0400 (EDT) To: Brian Buchanan cc: "Nicole H." , security@FreeBSD.ORG From: "Gary Palmer" Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD) In-reply-to: Your message of "Mon, 28 Jul 1997 19:06:47 EDT." Date: Mon, 28 Jul 1997 20:36:27 -0400 Message-ID: <8208.870136587@orion.webspan.net> Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Brian Buchanan wrote in message ID : > I was wondering the same thing when I read a clause prohibiting the use of > network cards in promiscuous mode in the CMU network use policy. I asked > some computer security people I knew about this and their response was > that it is not possible to detect if a network card is in promiscious mode > unless you have access to the machine it's in - i.e., that you can look at > ifconfig on that machine. That only works if ifconfig has not been altered to hide the flag. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info