Date: Fri, 10 Sep 1999 08:21:21 +0930 (CST)
From: Mark Newton <newton@atdot.dotat.org>
To: jwyatt@rwsystems.net (James Wyatt)
Cc: Goran.Lowkrantz@infologigruppen.se, freebsd-security@FreeBSD.ORG
Subject: Re: Lisen only NIC
Message-ID: <199909092251.IAA74937@atdot.dotat.org>
In-Reply-To: <Pine.BSF.4.10.9909091259540.45536-100000@bsdie.rwsystems.net> from "James Wyatt" at Sep 9, 99 01:09:40 pm

James Wyatt wrote:

> After reading the AntiSniff stuff by the L0pht folks, I'm not so sure. I
> could send an attack packet to your machine with a forged (or real) return
> address. When you look-up the hostname in DNS during capture or reporting,
> I could see (sniff DNS server ENet, hack DNS server, etc) the DNS query
> and know you saw my packet.

How are you going to do that when I can't transmit any packets?

> I was also under the impression that you didn't have to ifconfig the card
> (causing ARP, reply packets, etc) to get /dev/bpf0 to work, since it
> worked at the MAC level. Try not configuring the card in rc.conf and just
> attaching to the filter for the card. - Jy@

The problem is that some cards will still, under some circumstances,
respond to some broadcast traffic.

Is that non-specific enough for you? :-)

- mark

--------------------------------------------------------------------
I tried an internal modem, newton@atdot.dotat.org
but it hurt when I walked. Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
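
An added example, not part of the original thread: a check a sensor operator can run over resolver query logs to confirm that the capture host is not issuing the reverse DNS lookups James Wyatt describes. The log format, the sample lines and the sensor address 192.0.2.50 are constructed assumptions.

```python
import ipaddress
import re

# Constructed resolver query-log lines in a hypothetical format
# "<time> client <ip>#<port>: query: <name> IN <type>"; not from the thread.
SAMPLE_LOG = """\
08:20:01 client 192.0.2.10#40112: query: www.example.org IN A
08:20:03 client 192.0.2.50#51500: query: 7.113.0.203.in-addr.arpa IN PTR
08:20:04 client 192.0.2.10#40113: query: 10.2.0.192.in-addr.arpa IN PTR
08:20:09 client 192.0.2.50#51501: query: 99.100.51.198.in-addr.arpa IN PTR
08:20:11 client 192.0.2.50#51502: query: ntp.example.org IN A
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) client (?P<client>[0-9.]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)$"
)

def ptr_name_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' back into the IPv4 address a.b.c.d, or None."""
    suffix = ".in-addr.arpa"
    name = name.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None

def sensor_reverse_lookups(log_text, sensor_ip):
    """Return (time, looked_up_ip) for every PTR query the sensor host sent."""
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["qtype"] != "PTR" or m["client"] != sensor_ip:
            continue
        ip = ptr_name_to_ip(m["name"])
        if ip is not None:
            leaks.append((m["time"], ip))
    return leaks

if __name__ == "__main__":
    for when, ip in sensor_reverse_lookups(SAMPLE_LOG, "192.0.2.50"):
        print(f"{when} sensor resolved {ip}: capture tool is doing name lookups")
```

Any hit means the capture or reporting tool is resolving names; with tcpdump, the `-n` flag keeps addresses numeric so no such queries are sent.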
