Subject: Re: a remote user can check promiscuous mode
To: Michael Richardson <firstname.lastname@example.org>
From: Charles M. Hannum <email@example.com>
Date: 12/10/1999 16:48:21
Michael Richardson <firstname.lastname@example.org> writes:
> >>>>> "Noriyuki" == Noriyuki Soda <email@example.com> writes:
> Noriyuki> http://www.l0pht.com/antisniff/tech-paper.html claims that a remote user
> Noriyuki> can examine that whether a interface of NetBSD machine is promiscuous
> Noriyuki> mode or not.
> The technique is to send an ICMP ping addressed to the node at the IP
> layer, but not addressed to the node at the ethernet layer.
Most drivers explicitly filter out packets to the `wrong' Ethernet
address after passing them up to BPF. Ones that don't should be