The issue isn't someone coming in the promiscuous interface. The issue is a
hacker compromising the machine by getting in another interface and
discovering that there is sniffer software on the machine. You have made
the hacker's job really easy.
Of course, a good hacker would be able to install sniffer software on a
compromised machine anyway.
Priscilla
>-----Original Message-----
>From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 22, 2001 4:04 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Promiscous interface and remote users [7:16734]
>
>
>If it is truly in promiscuous mode, there should not be any problem. You
>can test this by pinging the IP address. (It should not respond.)
>
>A lot of drivers do not allow for full promiscuity, however. Remember, it's
>not the app that talks to the NIC, it's the driver. Some companies do offer
>promiscuous drivers, however, if yours does not. NAI also has their own
>drivers built for specific NICs. (Of course, you have to use their product
>to take advantage.) These drivers are advanced promiscuous drivers that allow
>you to see runts and the like across the wire.
>
>But if you are willing to take a server down by putting its NIC in
>promiscuous mode, why not just unbind IP from that interface?
>
>-Patrick
>
> >>> "Subba Rao" 08/21/01 05:39PM >>>
>Hi,
>
>We have 2 sniffer systems on NT and on Unix. The sniffer puts the Ethernet
>interfaces on both the systems in promiscuous mode. Currently we are not
>worried about any local users on the system. Are there any threats from
>remote users on the promiscuous interface, on either system? When I say
>"remote users", I am talking about John Doe on our network who has no
>business with either of these systems. John Doe could be on the Internet as
>well but has no user accounts on these systems. Would he get any vulnerable
>information from the sniffer interfaces on either system?
>
>Thank you in advance for any info.
>--
>
>Subba Rao
>[EMAIL PROTECTED]
>http://members.home.net/subba9/
>
>GPG public key ID CCB7344E
>Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E
________________________
Priscilla Oppenheimer
http://www.priscilla.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16855&t=16734
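
The following is an added example, not part of the original thread: a Linux-side audit of Patrick's suggestion that a capture interface should carry no bound IP address. It assumes the Linux sysfs `flags` file and the `ip -o addr show` output format; the interface names, addresses and function names are constructed for illustration.

```python
import re
from pathlib import Path

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>

# Constructed sample: contents of /sys/class/net/<iface>/flags per interface.
SAMPLE_FLAGS = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103",
                "eth2": "0x1103", "eth3": "0x1103"}
# Constructed sample: `ip -o addr show` output (eth3 has no address lines).
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 10.0.1.9/24 brd 10.0.1.255 scope global eth1\\       valid_lft forever preferred_lft forever
4: eth2    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \\       valid_lft forever preferred_lft forever
"""

def read_sysfs_flags(root="/sys/class/net"):
    """Live Linux use: map interface name -> text of its sysfs flags file."""
    return {p.name: (p / "flags").read_text().strip()
            for p in Path(root).iterdir() if (p / "flags").is_file()}

def bound_addresses(ip_addr_output):
    """Map interface name -> list of IPv4/IPv6 addresses bound to it."""
    addrs = {}
    pattern = r"^\d+:\s+(\S+)\s+inet6?\s+(\S+)"
    for m in re.finditer(pattern, ip_addr_output, re.M):
        addrs.setdefault(m.group(1), []).append(m.group(2))
    return addrs

def audit(flags, ip_addr_output):
    """Classify every promiscuous interface by whether IP is still bound."""
    addrs = bound_addresses(ip_addr_output)
    report = {}
    for name, raw in sorted(flags.items()):
        if not int(raw, 16) & IFF_PROMISC:
            continue  # not sniffing, out of scope for this check
        bound = addrs.get(name, [])
        # Any bound address, including an IPv6 link-local one, means the
        # capture interface can still be addressed from the wire.
        report[name] = ("REACHABLE" if bound else "capture-only", bound)
    return report

if __name__ == "__main__":
    for name, (status, bound) in audit(SAMPLE_FLAGS, SAMPLE_ADDRS).items():
        print(f"{name}: {status} {', '.join(bound)}")
```

In the sample, `eth2` is the case that is easy to miss: IPv4 was removed, but the automatically assigned IPv6 link-local address keeps the interface addressable on the local segment.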