Great Circle Associates Firewalls
(November 1994)


Subject: Re: Promiscuous mode on ethernet
From: <mark_kadrich @ ins . com> (Mark S. Kadrich)
Date: Mon, 28 Nov 1994 13:56:37 -0800
To: williams @ gki . com (Tim Williams), Firewalls @ GreatCircle . COM

At 11:27 AM 11/18/94 EST, Tim Williams wrote:
>> > Can a PC running a sniffer that sets the ethernet card to
>> > promiscuous mode be detected by same? Or other methods?
>> > 
>> > Our students are getting more "educated."  :(
>> This sounds like it's good for your students and bad for you.
>> I do not think it possible to detect a remote machine snarfing packets.
>> There is not much you can do. MS-DOG, I mean DOS, has no concept of 
>> permissions. You can make small isolated subnets and threaten users with 
>> stiff penalties for sniffing. In the end you will probably have to chalk 
>> that subnet up as being insecure unless someone has a better solution.
>One other possibility to keep people from using their machine to scarf packets
>from the network is to use a network card that provides access 
>control between host systems (which hosts can talk to which hosts) and 
>also encrypts all transfers on the network.  Such a beast has been around for 
>a few years (since 1985) and has been evaluated by NSA as a B2 level 
>network component.  The product's name is VSLAN and is sold by my company 
>General Kinetics Inc.  It's not cheap (about 1K per network board) so it 
>might be overkill for some/most commercial situations but if you REALLY WANT 
>TO BE SURE that a user can't sit back in his PC, SUN, MAC, etc. and soak up 
>everything on your network then this is for you.
>Tim Williams
Not only is this product expensive but it's a pain in the #$%.  I think you
may be better off living with the pain of a segmented/bridged net than
dealing with VSLAN.
Mark S. Kadrich, Systems Engineer, International Network Services
"The Power of Operable Networks"
Voice @ 415-254-4225, Page @ 1-800-759-7243; PIN 879-5783
e-mail @ kadrich @ uni . ins .
We must all consider our place in the scheme of things,
lest we forget its effect on our own schemes.
