From: Mark Newton
Message-Id: <199909092251.IAA74937@atdot.dotat.org>
Subject: Re: Lisen only NIC
To: jwyatt@rwsystems.net (James Wyatt)
Date: Fri, 10 Sep 1999 08:21:21 +0930 (CST)
Cc: Goran.Lowkrantz@infologigruppen.se, freebsd-security@FreeBSD.ORG
In-Reply-To: from "James Wyatt" at Sep 9, 99 01:09:40 pm

James Wyatt wrote:

> After reading the AntiSniff stuff by the L0pht folks, I'm not so sure. I
> could send an attack packet to your machine with a forged (or real) return
> address. When you look-up the hostname in DNS during capture or reporting,
> I could see (sniff DNS server ENet, hack DNS server, etc) the DNS query
> and know you saw my packet.

How are you going to do that when I can't transmit any packets?

> I was also under the impression that you didn't have to ifconfig the card
> (causing ARP, reply packets, etc) to get /dev/bpf0 to work, since it
> worked at the MAC level. Try not configuring the card in rc.conf and just
> attaching to the filter for the card. - Jy@

The problem is that some cards will still, under some circumstances,
respond to some broadcast traffic.

Is that non-specific enough for you? :-)

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----