This was a question.
What exactly is "not have IP bound", and does it mean, on
Linux RedHat 6.2, kernel 2.2: set the card IP to 0.0.0.0 as well as the MAC to
00:00:00:00:00:00,
deny ARP and multicasts, but
leave the card up?
thank you in advance
toly
-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 4:09 PM
To: [EMAIL PROTECTED]
Subject: RE: Promiscous interface and remote users [7:16734]
Well, as long as nobody is on your local subnet, you should be fine... I mean
it would be nothing to throw an invalid ARP entry into a workstation
containing your MAC, but they would first have to know your MAC. If your
machine does not have IP bound to it, they will not be able to ARP for it,
which means they cannot connect to you remotely.
-Patrick
>>> "Anatoly Shein" 08/22/01 04:07PM >>>
Actually I am talking about RedHat Linux 6.2, kernel 2.2.
I set the card IP to 0.0.0.0 as well as the MAC to 00:00:00:00:00:00, and
deny ARP and multicasts.
But I am still not sure that this solves the security problems.
Yes, of course, I can't be silent before I unplug the cable from the network
socket.
The problem is that I need to sniff the network, and my card could be in the UP
state to do this.
( Actually on Solaris you can sniff the network with a down NIC! )
toly
-----Original Message-----
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 6:34 PM
To: Anatoly Shein; [EMAIL PROTECTED]
Subject: RE: Promiscous interface and remote users [7:16734]
It really depends on your version of ifconfig/what kernel you're using/what
adapter you have.
Tell us those things and we'll try and help.
Otherwise read RTFM....
(Granted, the man page doesn't have the promisc flag; the option for you is
promisc.)
-humboldt
-----Original Message-----
From: Anatoly Shein [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Promiscous interface and remote users [7:16734]
Hi
What do you mean exactly by "unbind IP from that interface"?
Is it
ifconfig 0.0.0.0
for UNIX, or something else?
thank you in advance
toly
-----Original Message-----
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Promiscous interface and remote users [7:16734]
If it is truly in promiscuous mode, there should not be any problem. You
can test this by pinging the IP address. (It should not respond.)
A lot of drivers do not allow for full promiscuity, however. Remember it's
not the app that talks to the NIC, it's the driver. Some companies do offer
promiscuous drivers, however, if yours does not. NAI also has their own
drivers built for specific NICs. (Of course you have to use their product
to take advantage.) These drivers are advanced promiscuous drivers that allow
you to see runts and the like across the wire.
But if you are willing to take a server down by putting its NIC in
promiscuous mode, why not just unbind IP from that interface?
-Patrick
>>> "Subba Rao" 08/21/01 05:39PM >>>
Hi,
We have 2 sniffer systems, on NT and on Unix. The sniffer puts the ethernet
interfaces on both the systems in promiscuous mode. Currently we are not
worried about any local users on the system. Are there any threats from
remote users on the promiscuous interface, on either system? When I say
"remote users", I am talking about John Doe on our network who has no
business with either of these systems. John Doe could be on the Internet as
well but has no user accounts on these systems. Would he get any vulnerable
information from the sniffer interfaces on either system?
Thank you in advance for any info.
--
Subba Rao
[EMAIL PROTECTED]
http://members.home.net/subba9/
GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16989&t=16734
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
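
The setup the thread discusses for a sniffer NIC (interface up and promiscuous, no IP bound, ARP and multicast denied) can be verified on a current Linux host from the interface flags and address list. The script below is an added example, not part of any message in the thread; it assumes sysfs and the iproute2 `ip` tool (not present on the 2.2-era system discussed above), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Flag bits are from <linux/if.h>.
IFF_UP=0x1
IFF_NOARP=0x80
IFF_PROMISC=0x100
IFF_MULTICAST=0x1000

# audit_flags FLAGS ADDR_COUNT
#   FLAGS       interface flags as hex, as found in /sys/class/net/IF/flags
#   ADDR_COUNT  number of IP addresses bound to the interface
# Prints one line per finding; returns 0 only if every check passes.
audit_flags() {
    flags=$1
    addrs=$2
    rc=0
    if [ $(( $flags & $IFF_UP )) -eq 0 ]; then
        echo "FAIL: interface is down, nothing is captured"; rc=1
    fi
    if [ $(( $flags & $IFF_PROMISC )) -eq 0 ]; then
        echo "FAIL: PROMISC not set, frames for other hosts are dropped"; rc=1
    fi
    if [ $(( $flags & $IFF_NOARP )) -eq 0 ]; then
        echo "FAIL: ARP is enabled on the interface"; rc=1
    fi
    if [ $(( $flags & $IFF_MULTICAST )) -ne 0 ]; then
        echo "FAIL: MULTICAST is enabled on the interface"; rc=1
    fi
    if [ "$addrs" -gt 0 ]; then
        echo "FAIL: $addrs IP address(es) bound, the host is reachable"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: up, promiscuous, no ARP, no multicast, no IP bound"
    fi
    return "$rc"
}

# audit_iface IFACE: same checks against the live state of IFACE.
# Assumes sysfs and the iproute2 "ip" tool are available.
audit_iface() {
    live_flags=$(cat "/sys/class/net/$1/flags") || return 2
    live_addrs=$(ip -o addr show dev "$1" | wc -l)
    audit_flags "$live_flags" "$live_addrs"
}

# Run against an interface only when one is named on the command line.
if [ $# -gt 0 ]; then
    audit_iface "$1"
fi
```

With constructed inputs, `audit_flags 0x1c3 0` passes, while `audit_flags 0x1043 1` (a default-configured NIC with one address) reports four findings.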