Great Circle Associates Firewalls
(November 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Promiscuous PCs
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Wed, 16 Nov 94 13:54:42 -0500
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com
Cc: "wbuttles @ gopher . champlain . edu"@UVS1.dnet.mmc.com

Wayne rites:
>Can a PC running a sniffer that sets the ethernet card to
>promiscous mode be detected by same? Or other methods?

Well, I suppose you could tell if you could run a program on the PC
in question but otherwise "sniffing" is a passive act (each card
receives every packet on its line at all times, normally the card
discards those it does not use but this decision is made internally.

IMHO, your only real capability is to restrict which packets on each line
are intelligable (there are a couple of hubs that do this) but this
is available only with 10Base-T).

For several years I have operated under the premise that everything I put
onto a network not only *can* be read, it *will* be read and use PGP/OTP
devices when appropriate.
				Very wetly,
					Padgett

ps Many roads are now closed with flooding reported on both I-4 and the
   expressway. My employer considered letting everyone go home early, but 
   instead they are willing to let anyone who wants to stay and work all 
   night. (and if you believe that one, I have this bridge...)

Indexed By Date Previous: Re: promiscuous mode on ethernet card-question.
From: Ted Lemon <mellon @ ipd . wellsfargo . com>
Next: Re: promiscuous mode on ethernet card-question.
From: Jason Matthews <jason @ dickory . SDSU . Edu>
Indexed By Thread Previous: Sidewinder Downtime
From: Rich=Gautier%SP-23DC%DRC @ S1 . DRC . COM
Next: New list: Sneakers @ CS . Yale,EDU - was Re: Sidewinder: Phone Outage
From: long-morrow @ CS . YALE . EDU (H Morrow Long)

Google
 
Search Internet Search www.greatcircle.com