On Fri, Dec 10, 1999 at 12:16:31PM -0800, Wolfgang Rupprecht wrote:
> 
> mcr@sandelman.ottawa.on.ca (Michael Richardson) writes:
> >   The technique is to send an ICMP ping addressed to the node at the IP
> > layer, but not addressed to the node at the ethernet layer.
> 
> I can think of a few more probes like this that are possible.  One can
> also slap on a MAC multicast address and the NIC's IP address and see
> if the NIC is listening to that ethernet multicast.
> 
> I'm not sure that the information that these probes provide is at all
> damaging from a security standpoint.  The probe just shows if the MAC
> filters are pre-filtering ethernet traffic or not.

Hm.

But our IP layer should reject packets with IPv4 unicast addresses, that are
targeted at link multicast addresses, right? (If I recall
${ROLE}_REQUIREMENTS right.)

So my guess at the description of the mechanism is that somehow
the M_MCAST/M_BCAST marking isn't done right in case of promiscuous
mode, and this is definitely a bug.

Regards,
	-is