Date:      Tue, 29 Jul 1997 21:06:13 +0200
From:      Poul-Henning Kamp <phk@dk.tfs.com>
To:        Christopher Petrilli <petrilli@amber.org>
Cc:        Warner Losh <imp@village.org>, Robert Watson <robert@cyrus.watson.org>, security@FreeBSD.ORG
Subject:   Re: Detecting sniffers (was: Re: security hole in FreeBSD) 
Message-ID:  <284.870203173@critter.dk.tfs.com>
In-Reply-To: Your message of "Tue, 29 Jul 1997 12:52:38 EDT." <Pine.BSF.3.95q.970729125111.22895A-100000@chaos.amber.org> 

In message <Pine.BSF.3.95q.970729125111.22895A-100000@chaos.amber.org>, Christopher Petrilli writes:
>On Tue, 29 Jul 1997, Warner Losh wrote:
>
>> In message <Pine.BSF.3.95q.970728215803.4839A-100000@cyrus.watson.org> Robert Watson writes:
>> : host.  Promiscuous mode simply disables the filter.  The only way to
>> : prevent the packets from being sniffable is to prevent them from going on
>> : the wire in question -- smart hubs (switches) do this, so are desirable.
>> 
>> Well, there is strong encryption.  While it doesn't prevent sniff of
>> the packets, per se, it generally leaves you with garbage and produces
>> the same net effect.
>
>I will note that there are a few people (ODS and Bay Networks included)
>who make what is called "secure Ethernet", which basically learns what MAC
>address is on each port, and scrambles frames that are not destined for
>that MAC.  What usually happens is it replaces the data payload with
>alternating 0/1, and fixes the checksum.  It works just fine :-)  It's
>also generally cheaper than a switch.

Except that most of them are easy to spoof:  Set up your sniffer to 
output 10 packets with different "from" MAC and it figures "hey port
#4 is upstream, send it everything..."

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.
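
The learning weakness discussed in this message, modelled as an added example (not code from the thread or from any vendor): a hub that infers "upstream" from the number of source MACs seen on a port, beside a port-security style policy where uplinks are configured by the administrator and extra source MACs on a station port are reported. The threshold of 10, the port numbers, the function names and every MAC address are constructed assumptions.

```python
from collections import defaultdict

# Constructed observations: (port, source MAC) as the hub would see them.
FRAMES = (
    [(1, "00:a0:c9:00:00:01")] * 3
    + [(2, "00:a0:c9:00:00:02")] * 2
    + [(3, f"00:10:7b:00:01:{i:02x}") for i in range(25)]  # genuine uplink
    + [(4, f"02:00:00:00:00:{i:02x}") for i in range(10)]  # station port, many sources
)

UPSTREAM_THRESHOLD = 10  # assumed heuristic: this many MACs means "upstream"


def naive_clear_ports(frames, threshold=UPSTREAM_THRESHOLD):
    """Heuristic learner: any port showing >= threshold distinct source MACs
    is treated as upstream and receives every frame unscrambled."""
    seen = defaultdict(set)
    for port, mac in frames:
        seen[port].add(mac)
    return {p for p, macs in seen.items() if len(macs) >= threshold}


def hardened_audit(frames, uplinks, max_macs=1):
    """Port-security style policy: only administratively configured uplinks
    get clear traffic; a station port that exceeds max_macs is reported and
    keeps its first-learned address."""
    learned = defaultdict(list)
    violations = {}
    for port, mac in frames:
        if port in uplinks or mac in learned[port]:
            continue
        if len(learned[port]) < max_macs:
            learned[port].append(mac)
        else:
            violations.setdefault(port, set()).add(mac)
    return set(uplinks), dict(learned), violations


if __name__ == "__main__":
    print("naive clear ports:", sorted(naive_clear_ports(FRAMES)))
    clear, learned, violations = hardened_audit(FRAMES, uplinks={3})
    print("hardened clear ports:", sorted(clear))
    for port, macs in sorted(violations.items()):
        print(f"port {port}: {len(macs)} unexpected source MACs, "
              f"owner stays {learned[port]}")
```

The per-port violation set is the signal to alert on or to use as the trigger for disabling the port.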


