Date: Tue, 23 May 2000 20:35:17 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: BPF vs. promiscuous mode
Message-ID: <Pine.BSF.4.21.0005232030020.19221-100000@achilles.silby.com>
In-Reply-To: <4.1.20000524031209.027cb820@mail.rz.fh-wilhelmshaven.de>

On Wed, 24 May 2000, Olaf Hoyer wrote:

> It's a chaotic peer-to-peer network, with a DHCP server and a gateway to
> university.
> We already had some sniffer attack to sniff out Pop3 passwords.
> ...
> I mean with fake address that you pretend that your NIC had a different
> address from that stored in PROM.
>
> Say, your NIC had an address of (fictional) 00:00:00:1e:3d:2a and you could
> make it appear to other boxes on the same network as say,
> 3e:2e:4b:3d:5c:00, in this case I'd like to know
> a) how this is done and
> b) how can it be detected

Well, as one of those pesky students who has reprogrammed his MAC address
on multiple occasions (so DHCP would give me the same IP when switching
NICs), I'm curious why that's a problem. Changing IPs doesn't really pose
any threat that I'm aware of, unless you're impersonating the gateway.
(Such attacks may be doable even without changing MAC addresses, actually.
I think impersonating the DHCP server would do - no packet sniffing
required!)

However, that's really unimportant anyway; it sounds like you're using
regular hubs from your above statements. You should probably just get
cheap switches; any other countermeasures to prevent sniffers are just
going to take a lot of time, and not really be effective.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message