Date: Wed, 24 May 2000 00:15:55 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> Cc: freebsd-net@FreeBSD.ORG Subject: Re: BPF vs. promiscuous mode Message-ID: <Pine.BSF.4.21.0005240010160.19660-100000@achilles.silby.com> In-Reply-To: <4.1.20000524033815.00a76340@mail.rz.fh-wilhelmshaven.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 May 2000, Olaf Hoyer wrote: > Hi! > > Well, the IP assignment is not that problem. > > Fact is, that there are run some jobs that check if on some network segment > is some card present that is in promiscuous mode and /or has its MAC adress > changed, seen independently from the assigned (via DHCP) IP adress. (Of > course, you might assign your IP adress manually). > Are there some programs/techniques that do that? I'm sure there are programs which can detect such changes, I think someone mentioned arpwatch? > BSD or Linux, some program/trick/whatsoever that pretends(return to arp > queries) a different MAC adress than stored on the ROM of the NIC. Changing the MAC address of a NIC is extremely simple, it's easily done even in windows - don't single out students who run unix as troublemakers. > We have (due to costs) one cenral switch running (3com, IIRC), with about > of twelve hubs attached, which hold altogether about 235 connections. I guess the real issue is the question of if your network is configured in such a way that a student box could take the IP of one of your boxes (dns server, etc). If the only issue is students fooling with each other, I wouldn't worry too much about it, personally. Though logging as you mention above certainly can't hurt. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005240010160.19660-100000>