Date: Tue, 29 Jul 1997 15:43:21 -0400 (EDT)
From: Christopher Petrilli <petrilli@amber.org>
To: Poul-Henning Kamp <phk@dk.tfs.com>
Cc: Warner Losh <imp@village.org>, Robert Watson <robert@cyrus.watson.org>, security@FreeBSD.ORG
Subject: Re: Detecting sniffers (was: Re: security hole in FreeBSD)
Message-ID: <Pine.BSF.3.95q.970729154145.22895F-100000@chaos.amber.org>
In-Reply-To: <284.870203173@critter.dk.tfs.com>

> >I will note that there are a few people (ODS and Bay Networks included)
> >who make what is called "secure Ethernet", which basically learns what MAC
> >address is on each port, and scrambles frames that are not destined for
> >that MAC. What usually happens is it replaces the data payload with
> >alternating 0/1, and fixes the checksum. It works just fine :-) It's
> >also generally cheaper than a switch.
>
> Except that most of them are easy to spoof: Set up your sniffer to
> output 10 packets with different "from" MAC and it figures "hey port

Well, it does only allow a MAC to appear once, so you would realise this
quite quickly. But a switch is the same as well, unless you've hard-coded
VLAN type information based on MAC addresses into the switch---which is
unmaintainable.

Christopher
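
An added example, not part of the original message and not any vendor's implementation: a toy Python model of the "secure Ethernet" repeater described in the thread, showing the payload scramble with a recomputed checksum and the "a MAC may appear only once" check. Assumptions: the class and function names, the 0x55 fill byte, binding each port to the first source address seen, passing group addresses intact, and dropping a frame that violates the binding.

```python
import struct
import zlib

SCRAMBLE_BYTE = 0x55  # assumption: "alternating 0/1" modelled as 01010101


def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least significant byte first."""
    return struct.pack("<I", zlib.crc32(data))


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Constructed test frame: dst, src, EtherType 0x0800, payload, FCS."""
    body = dst + src + b"\x08\x00" + payload
    return body + fcs(body)


class SecureRepeater:
    """Hypothetical model of a repeater that learns one MAC per port."""

    def __init__(self, ports: int):
        self.learned = {p: None for p in range(ports)}  # port -> bound MAC
        self.violations = []  # (port, claimed source MAC), for the operator

    def _check_source(self, port: int, src: bytes) -> bool:
        bound = self.learned[port]
        elsewhere = any(m == src for p, m in self.learned.items() if p != port)
        if elsewhere or (bound is not None and bound != src):
            self.violations.append((port, src))  # MAC seen twice, or port rebinding
            return False
        self.learned[port] = src
        return True

    def repeat(self, in_port: int, frame: bytes) -> dict:
        """Return {port: frame as that port sees it} for every other port."""
        dst, src = frame[:6], frame[6:12]
        if not self._check_source(in_port, src):
            return {}  # assumption: a violating frame is not repeated
        out = {}
        for port, mac in self.learned.items():
            if port == in_port:
                continue
            if mac == dst or dst[0] & 1:  # owner of dst, or a group address
                out[port] = frame
            else:
                # Keep the 14-byte header and length, overwrite the payload,
                # then recompute the FCS so the frame is still valid on the wire.
                body = frame[:14] + bytes([SCRAMBLE_BYTE]) * len(frame[14:-4])
                out[port] = body + fcs(body)
        return out
```

A promiscuous listener on a port that does not own the destination address receives a well-formed frame of the right length with no usable payload, and the `violations` list is what lets an operator "realise this quite quickly" when a port claims an address already bound elsewhere.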