Is promiscuous mode bad?

Geert Hendrickx geert.hendrickx at ua.ac.be
Fri Aug 20 09:02:18 PDT 2004


On Mon, Aug 16, 2004 at 02:24:00PM +0200, Ruben de Groot wrote:
> On Sun, Aug 15, 2004 at 07:53:10PM -0700, Kevin Stevens typed:
> > 
> > A lot of network scanners also trigger on NICS in promiscuous mode 
> > (there's a way to detect them, I forget the details at the moment) 
> > because admins want to know if any hosts are out there sniffing.
> 
> How sure are you about that? AFAIK there's no way to detect a NIC in 
> promiscuous mode *from the outside*. I would be very interested in a network
> scanner that could.

IIRC, Linux has/had a bug in its network stack which could reveal
promisc. mode to the outside.  It would reply to all icmp-packets with
the correct ip, whatever mac-address used.  So if you'd ping a Linux box
twice, but with different mac-addresses, and it replies to both, you'd
know it's set in promisc. mode.  

I don't know whether this applies to FreeBSD.  

GH

> 
> Ruben
> 
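The two-ping check described in the message above, as an added example that is not part of the original post: a small Python model of the NIC's hardware filter and a stack that does or does not check the Ethernet destination. `Frame`, `Host`, `classify`, `demo` and all addresses are constructed for illustration, and the stack behaviour is modelled as the post describes it, not measured on any system.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    dst_mac: str   # Ethernet destination
    dst_ip: str    # IP destination of the ICMP echo request

@dataclass
class Host:
    mac: str
    ip: str
    promisc: bool = False        # NIC hands every frame to the stack
    checks_l2_dst: bool = True   # stack drops frames addressed to another MAC

    def nic_accepts(self, f: Frame) -> bool:
        # Hardware filter: own MAC and broadcast only, unless promiscuous.
        return self.promisc or f.dst_mac in (self.mac, BROADCAST)

    def replies_to_ping(self, f: Frame) -> bool:
        if not self.nic_accepts(f):
            return False         # frame never reaches the stack
        if self.checks_l2_dst and f.dst_mac not in (self.mac, BROADCAST):
            return False         # stack notices the frame is for another host
        return f.dst_ip == self.ip

def classify(host: Host, bogus_mac: str = "02:00:00:00:00:99") -> str:
    # Two pings to the correct IP: one to the real MAC, one to a unicast MAC nobody owns.
    if not host.replies_to_ping(Frame(host.mac, host.ip)):
        return "unreachable"
    if host.replies_to_ping(Frame(bogus_mac, host.ip)):
        return "promiscuous"
    return "no evidence"

def demo() -> dict:
    # Constructed hosts (documentation IP range, locally administered MACs).
    hosts = {
        "normal NIC, lenient stack": Host("02:00:00:00:00:01", "192.0.2.1", False, False),
        "promisc NIC, lenient stack": Host("02:00:00:00:00:02", "192.0.2.2", True, False),
        "promisc NIC, strict stack": Host("02:00:00:00:00:03", "192.0.2.3", True, True),
    }
    return {name: classify(h) for name, h in hosts.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

In this model a reply to the bogus-MAC ping is positive evidence of promiscuous mode, while silence proves nothing: a promiscuous host whose stack checks the Ethernet destination looks the same as a host that is not sniffing.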