In the last episode (Aug 16), Ruben de Groot said: > On Sun, Aug 15, 2004 at 07:53:10PM -0700, Kevin Stevens typed: > > A lot of network scanners also trigger on NICS in promiscuous mode > > (there's a way to detect them, I forget the details at the moment) > > because admins want to know if any hosts are out there sniffing. > > How sure are you about that? AFAIK there's no way to detect a NIC in > promiscuous mode *from the outside*. I would be very interested in a > network scanner that could.
The basic points are that since the kernel sees packets it usually doesn't, there may be codepaths that incorrectly process certain packets and send replies. There's also a small delay in processing all those extra packets that might be seen as extra latency in pings etc. As CPUs get faster and kernel bugs get fixed, these become harder and harder to detect. Do a web or usenet search for "detect promiscuous mode" for lots and lots of links. -- Dan Nelson [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"