From owner-freebsd-security Tue Jul 29 09:53:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA28483 for security-outgoing; Tue, 29 Jul 1997 09:53:02 -0700 (PDT) Received: from chaos.amber.org (root@chaos.amber.org [205.231.232.12]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA28477 for ; Tue, 29 Jul 1997 09:53:00 -0700 (PDT) Received: from chaos.amber.org (petrilli@chaos.amber.org [205.231.232.12]) by chaos.amber.org (8.7.5/8.6.12) with SMTP id MAA23141; Tue, 29 Jul 1997 12:52:40 -0400 (EDT) Date: Tue, 29 Jul 1997 12:52:38 -0400 (EDT) From: Christopher Petrilli To: Warner Losh cc: Robert Watson , security@FreeBSD.ORG Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 29 Jul 1997, Warner Losh wrote: > In message Robert Watson writes: > : host. Promiscuous mode simply disables the filter. The only way to > : prevent the packets from being sniffable is to prevent them from going on > : the wire in question -- smart hubs (switches) do this, so are desirable. > > Well, there is strong encryption. While it doesn't prevent sniff of > the packets, per se, it generally leaves you with garbage and produces > the same net effect. I will note that there are a few people (ODS and Bay Networks included) who make what is called "secure Ethernet", which basically learns what MAC address is on each port, and scrambles frames that are not destined for that MAC. What usually happens is it replkaces the data paylode with alternating 0/1, and fixes the checksum. It works just fine :-) It's also generally cheaper than a switch. Christopher