200 messages in org.freebsd.freebsd-securityRe: Detecting sniffers (was: Re: secu...| From | Sent On | Attachments |
|---|---|---|
| 45 earlier messages | ||
| Robert Watson | Jul 28, 1997 1:54 pm | |
| Nate Williams | Jul 28, 1997 2:00 pm | |
| Ollivier Robert | Jul 28, 1997 2:07 pm | |
| Matthew N. Dodd | Jul 28, 1997 2:14 pm | |
| Karl Denninger | Jul 28, 1997 2:42 pm | |
| Vincent Poy | Jul 28, 1997 2:43 pm | |
| Vincent Poy | Jul 28, 1997 3:01 pm | |
| Vincent Poy | Jul 28, 1997 3:06 pm | |
| Jordan K. Hubbard | Jul 28, 1997 3:10 pm | |
| Vincent Poy | Jul 28, 1997 3:25 pm | |
| Vincent Poy | Jul 28, 1997 3:28 pm | |
| Matthew N. Dodd | Jul 28, 1997 3:30 pm | |
| Vincent Poy | Jul 28, 1997 3:30 pm | |
| Vincent Poy | Jul 28, 1997 3:44 pm | |
| Brian Buchanan | Jul 28, 1997 4:06 pm | |
| Gary Clark II | Jul 28, 1997 4:06 pm | |
| Vincent Poy | Jul 28, 1997 4:14 pm | |
| Vincent Poy | Jul 28, 1997 4:16 pm | |
| Vincent Poy | Jul 28, 1997 4:18 pm | |
| Matthew N. Dodd | Jul 28, 1997 4:18 pm | |
| Vincent Poy | Jul 28, 1997 4:19 pm | |
| Vincent Poy | Jul 28, 1997 4:25 pm | |
| Vincent Poy | Jul 28, 1997 4:30 pm | |
| Brian Buchanan | Jul 28, 1997 4:48 pm | |
| Jordan K. Hubbard | Jul 28, 1997 4:59 pm | |
| Jordan K. Hubbard | Jul 28, 1997 5:00 pm | |
| Vincent Poy | Jul 28, 1997 5:02 pm | |
| Brian Buchanan | Jul 28, 1997 5:09 pm | |
| Vincent Poy | Jul 28, 1997 5:19 pm | |
| Vincent Poy | Jul 28, 1997 5:20 pm | |
| Gary Palmer | Jul 28, 1997 5:22 pm | |
| Vincent Poy | Jul 28, 1997 5:26 pm | |
| Vincent Poy | Jul 28, 1997 5:30 pm | |
| Gary Palmer | Jul 28, 1997 5:30 pm | |
| Brian Buchanan | Jul 28, 1997 5:32 pm | |
| Gary Palmer | Jul 28, 1997 5:33 pm | |
| Vincent Poy | Jul 28, 1997 5:34 pm | |
| Gary Palmer | Jul 28, 1997 5:36 pm | |
| Vincent Poy | Jul 28, 1997 5:40 pm | |
| Gary Palmer | Jul 28, 1997 5:44 pm | |
| Gary Palmer | Jul 28, 1997 5:45 pm | |
| Vincent Poy | Jul 28, 1997 5:49 pm | |
| Gary Palmer | Jul 28, 1997 5:53 pm | |
| Vincent Poy | Jul 28, 1997 5:57 pm | |
| Vincent Poy | Jul 28, 1997 6:01 pm | |
| Vincent Poy | Jul 28, 1997 6:01 pm | |
| Brian Buchanan | Jul 28, 1997 6:19 pm | |
| Brian Buchanan | Jul 28, 1997 6:24 pm | |
| Matthew N. Dodd | Jul 28, 1997 6:41 pm | |
| Robert Watson | Jul 28, 1997 6:59 pm | |
| Robert Watson | Jul 28, 1997 7:00 pm | |
| Vincent Poy | Jul 28, 1997 7:01 pm | |
| Vincent Poy | Jul 28, 1997 7:04 pm | |
| Matthew N. Dodd | Jul 28, 1997 7:19 pm | |
| John Preisler | Jul 28, 1997 7:31 pm | |
| Brian Buchanan | Jul 28, 1997 7:52 pm | |
| John Dowdal | Jul 28, 1997 8:29 pm | |
| Annelise Anderson | Jul 28, 1997 8:41 pm | |
| Nate Williams | Jul 28, 1997 9:09 pm | |
| Vincent Poy | Jul 28, 1997 9:12 pm | |
| Vincent Poy | Jul 28, 1997 9:15 pm | |
| Vincent Poy | Jul 28, 1997 9:19 pm | |
| Heikki Suonsivu | Jul 28, 1997 9:33 pm | |
| Jan Koum | Jul 28, 1997 9:39 pm | |
| Vincent Poy | Jul 28, 1997 9:49 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:05 pm | |
| Vincent Poy | Jul 28, 1997 10:14 pm | |
| Gary Palmer | Jul 28, 1997 10:27 pm | |
| Gary Palmer | Jul 28, 1997 10:28 pm | |
| Vincent Poy | Jul 28, 1997 10:35 pm | |
| Vincent Poy | Jul 28, 1997 10:37 pm | |
| John-David Childs | Jul 28, 1997 10:38 pm | |
| Gary Palmer | Jul 28, 1997 10:40 pm | |
| Vincent Poy | Jul 28, 1997 10:44 pm | |
| Gary Palmer | Jul 28, 1997 10:50 pm | |
| Vincent Poy | Jul 28, 1997 10:55 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:59 pm | |
| Vincent Poy | Jul 28, 1997 11:01 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:07 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:11 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:16 pm | |
| Sergei S. Laskavy | Jul 29, 1997 12:13 am | |
| John-David Childs | Jul 29, 1997 2:09 am | |
| Narvi | Jul 29, 1997 2:48 am | |
| Stephen D. Spencer | Jul 29, 1997 3:43 am | |
| Robert Watson | Jul 29, 1997 5:32 am | |
| Adam Shostack | Jul 29, 1997 5:49 am | |
| Robert Watson | Jul 29, 1997 6:39 am | |
| Nate Williams | Jul 29, 1997 7:19 am | |
| Rodney W. Grimes | Jul 29, 1997 8:58 am | |
| Warner Losh | Jul 29, 1997 9:25 am | |
| Warner Losh | Jul 29, 1997 9:34 am | |
| Christopher Petrilli | Jul 29, 1997 9:52 am | |
| Jim Shankland | Jul 29, 1997 9:57 am | |
| John Dowdal | Jul 29, 1997 10:50 am | |
| Poul-Henning Kamp | Jul 29, 1997 12:05 pm | |
| Bill Pechter | Jul 29, 1997 12:29 pm | |
| Matthew Hunt | Jul 29, 1997 12:37 pm | |
| Christopher Petrilli | Jul 29, 1997 12:43 pm | |
| [Mario1-] | Jul 29, 1997 1:07 pm | |
| 55 later messages | ||
| Subject: | Re: Detecting sniffers (was: Re: security hole in FreeBSD) | |
|---|---|---|
| From: | Robert Watson (rob...@cyrus.watson.org) | |
| Date: | Jul 28, 1997 6:59:18 pm | |
| List: | org.freebsd.freebsd-security | |
On Mon, 28 Jul 1997, Brian Buchanan wrote:
On Mon, 28 Jul 1997, Nicole H. wrote:
Does anyone know of a good way to detect people "sniffing" on the network? IE a
program that will detect a
machine running in promiscuous mode?
I was wondering the same thing when I read a clause prohibiting the use of network cards in promiscuous mode in the CMU network use policy. I asked some computer security people I knew about this and their response was that it is not possible to detect if a network card is in promiscious mode unless you have access to the machine it's in - i.e., that you can look at ifconfig on that machine.
As far as I know, there is no way to tell. The card has a filter on it that normal just doesn't provide the packets that aren't intended for the host. Promiscuous mode simply disables the filter. The only way to prevent the packets from being sniffable is to prevent them from going on the wire in question -- smart hubs (switches) do this, so are desirable. They also increase available bandwidth, as only the required traffic goes on a segment. They're also more expensive, although prices are really dropping.
Robert N Watson
Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/ Network Security Research, Trusted Information Systems http://www.tis.com/ Network Administrator, SafePort Network Services http://www.safeport.com/ rob...@fledge.watson.org rwat...@tis.com http://www.watson.org/~robert/