Date: Wed, 24 May 2000 03:19:28 +0200 From: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de> To: freebsd-net@FreeBSD.ORG Subject: Re: BPF vs. promiscuous mode Message-ID: <4.1.20000524031209.027cb820@mail.rz.fh-wilhelmshaven.de> In-Reply-To: <200005240005.RAA00688@rhapture.apple.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Also, what about detecting some folks using that from an administrative >> point of view, e.g. running some software like Antisniff? > >Check the mail archives. There are only mildly effective ways of >doing this. > >> BTW: Which mechanisms one can use to "fake" MAC entries on >(preferrable) >> Linux systems, and how to detect them? > >I'm not sure what a "fake" MAC 'entry' would be. First, 'entry' >where? Second, how "fake". Do you mean "different from the one >that's in the adapter's address ROM"? Third, this is a BSD list, not >a Linux list. If you need info specific to Linux, try a different >list. Hi! Well, I'm working on adiministering stuff on our local dorm. (Or what would be the correct term for that? ,-) Its a chaotic peer-to-peer network, with a DHCP server and a gateway to university. We already had some sniffer attack to sniff out Pop3 passwords. As some of the folks are running Linux, I'm also concerned of that possibility, so I have to take that into account. Some simple reference wou ld be enough. I mean with fake adress that you pretend that your NIC had a differentz adress fro,m that stored in PROM. Say, your NIC had an adress of (fictional) 00:00:00:1e:3d:2a and you could make it appear to other boxes on the same network as say, 3e:2e:4b:3d:5c:00, in this case I'd like to know a) how this is done and b) how can it be detected As Linux is more common than *BSD, I also have to take that possibility into account. Some general hints on the mechanism used there would be sufficient. Regards Olaf Hoyer -------- Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de FreeBSD- Turning PC's into workstations ICQ:22838075 Liebe und Hass sind nicht blind, aber geblendet vom Feuer, dass sie selber mit sich tragen. (Nietzsche) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.20000524031209.027cb820>