tech-net: Re: a remote user can check promiscuous mode

Subject: Re: a remote user can check promiscuous mode
To: None <tech-net@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-net
Date: 12/10/1999 12:16:31

mcr@sandelman.ottawa.on.ca (Michael Richardson) writes:
>   The technique is to send an ICMP ping addressed to the node at the IP
> layer, but not addressed to the node at the ethernet layer.

I can think of a few more probes like this that are possible.  One can
also slap on a MAC multicast address and the NIC's IP address and see
if the NIC is listening to that ethernet multicast.

I'm not sure that the information that these probes provide is at all
damaging from a security standpoint.  The probe just shows if the MAC
filters are pre-filtering ethernet traffic or not.

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet  http://www.wsrcc.com/wolfgang/gps/dgps-ip.html