Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 1997 21:20:05 -0400 (EDT)
From:      Brian Buchanan <brian@thought.res.cmu.edu>
To:        Gary Palmer <gpalmer@FreeBSD.ORG>
Cc:        security@FreeBSD.ORG
Subject:   Re: Detecting sniffers (was: Re: security hole in FreeBSD) 
Message-ID:  <Pine.BSF.3.96.970728211902.26892H-100000@thought.res.cmu.edu>
In-Reply-To: <8208.870136587@orion.webspan.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Gary Palmer wrote:

> Brian Buchanan wrote in message ID
> <Pine.BSF.3.96.970728190019.26892A-100000@thought.res.cmu.edu>:
> > I was wondering the same thing when I read a clause prohibiting the use of
> > network cards in promiscuous mode in the CMU network use policy.  I asked
> > some computer security people I knew about this and their response was
> > that it is not possible to detect if a network card is in promiscious mode
> > unless you have access to the machine it's in - i.e., that you can look at
> > ifconfig on that machine.
> 
> That only works if ifconfig has not been altered to hide the flag.

That wasn't my point.  My point was that it's not possible to detect it
without access to the local box.  If you had root access you could always
query the card itself to see if it was set promiscious.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970728211902.26892H-100000>