Date:      Tue, 23 May 2000 20:35:17 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: BPF vs. promiscuous mode
Message-ID:  <Pine.BSF.4.21.0005232030020.19221-100000@achilles.silby.com>
In-Reply-To: <4.1.20000524031209.027cb820@mail.rz.fh-wilhelmshaven.de>


On Wed, 24 May 2000, Olaf Hoyer wrote:

> It's a chaotic peer-to-peer network, with a DHCP server and a gateway to
> university.
> We already had some sniffer attack to sniff out POP3 passwords.
> 

...

> I mean with fake address that you pretend that your NIC had a different
> address from that stored in PROM.
> 
> Say, your NIC had an address of (fictional) 00:00:00:1e:3d:2a and you could
> make it appear to other boxes on the same network as say,
> 3e:2e:4b:3d:5c:00, in this case I'd like to know 
> a) how this is done and
> b) how can it be detected

Well, as one of those pesky students who has reprogrammed his MAC address
on multiple occasions (so DHCP would give me the same IP when switching
NICs), I'm curious why that's a problem.  Changing IPs doesn't really pose
any threat that I'm aware of, unless you're impersonating the gateway.
(Such attacks may be doable even without changing MAC addresses,
actually.  I think impersonating the DHCP server would do - no packet
sniffing required!)

However, that's really unimportant anyway; it sounds like you're using
regular hubs from your above statements.  You should probably just get
cheap switches; any other countermeasures to prevent sniffers are just
going to take a lot of time, and not really be effective.

Mike "Silby" Silbersack


