From owner-freebsd-security Tue Jul 29 12:08:04 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA06406 for security-outgoing; Tue, 29 Jul 1997 12:08:04 -0700 (PDT)
Received: from critter.dk.tfs.com (critter.phk.freebsd.dk [195.8.133.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA06364 for ; Tue, 29 Jul 1997 12:07:55 -0700 (PDT)
Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.6/8.8.5) with ESMTP id VAA00286; Tue, 29 Jul 1997 21:06:13 +0200 (CEST)
To: Christopher Petrilli
cc: Warner Losh, Robert Watson, security@FreeBSD.ORG
From: Poul-Henning Kamp
Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD)
In-reply-to: Your message of "Tue, 29 Jul 1997 12:52:38 EDT."
Date: Tue, 29 Jul 1997 21:06:13 +0200
Message-ID: <284.870203173@critter.dk.tfs.com>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message , Christopher Petrilli writes:
>On Tue, 29 Jul 1997, Warner Losh wrote:
>
>> In message Robert Watson writes:
>> : host. Promiscuous mode simply disables the filter. The only way to
>> : prevent the packets from being sniffable is to prevent them from going on
>> : the wire in question -- smart hubs (switches) do this, so are desirable.
>>
>> Well, there is strong encryption. While it doesn't prevent sniff of
>> the packets, per se, it generally leaves you with garbage and produces
>> the same net effect.
>
>I will note that there are a few people (ODS and Bay Networks included)
>who make what is called "secure Ethernet", which basically learns what MAC
>address is on each port, and scrambles frames that are not destined for
>that MAC. What usually happens is it replaces the data payload with
>alternating 0/1, and fixes the checksum. It works just fine :-) It's
>also generally cheaper than a switch.

Except that most of them are easy to spoof: Set up your sniffer to
output 10 packets with different "from" MAC and it figures "hey port
#4 is upstream, send it everything..."

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
Power and ignorance is a disgusting cocktail.
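
The learning weakness described in the reply above, as an added example that is not part of the original message: a Python model of a hub that infers "upstream" from the number of source MACs seen on a port, next to a policy where uplinks are pinned by the administrator and extra MACs on an access port are reported as violations. The threshold of 10, the function names and the sample frames are assumptions constructed for illustration; no vendor's firmware is modelled.

```python
from collections import defaultdict

UPLINK_GUESS = 10  # assumed: distinct source MACs before the hub guesses "upstream"


def learn(frames):
    """Map each port to the set of source MACs observed on it."""
    seen = defaultdict(set)
    for port, src_mac in frames:
        seen[port].add(src_mac.lower())
    return seen


def naive_clear_ports(frames, guess=UPLINK_GUESS):
    """Ports a heuristic hub stops scrambling for, based only on MAC count."""
    return {p for p, macs in learn(frames).items() if len(macs) >= guess}


def hardened_policy(frames, pinned_uplinks, max_macs=1):
    """Uplinks are configured, never inferred.

    Returns (clear_ports, violations): only pinned uplinks receive
    unscrambled traffic; any other port showing more than max_macs
    source addresses is reported so it can be shut down and investigated.
    """
    violations = {
        port: sorted(macs)
        for port, macs in learn(frames).items()
        if port not in pinned_uplinks and len(macs) > max_macs
    }
    return set(pinned_uplinks), violations


def sample_frames():
    """Constructed observations as (port, source MAC) pairs."""
    frames = [(1, "00:a0:24:00:00:01"), (2, "00:a0:24:00:00:02")]
    # Port 3: the real uplink, many hosts behind it.
    frames += [(3, f"00:60:08:00:10:{i:02x}") for i in range(40)]
    # Port 4: a desk port that suddenly shows ten source addresses.
    frames += [(4, f"02:00:00:00:00:{i:02x}") for i in range(10)]
    return frames


if __name__ == "__main__":
    frames = sample_frames()
    print("heuristic hub sends everything to:", sorted(naive_clear_ports(frames)))
    clear, bad = hardened_policy(frames, pinned_uplinks={3})
    print("pinned policy sends everything to:", sorted(clear))
    for port, macs in bad.items():
        print(f"violation on port {port}: {len(macs)} source MACs")
```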