Bugtraq mailing list archives
Re: Hidden sniffer on unplumb'ed interface on Solaris
From: George Ellenburg <gellenburg () FREEDOM NET>
Date: Fri, 5 Jan 2001 16:47:19 -0500
On Friday 05 January 2001 00:40, you streamed these bits across the ether:

> After reading the following article (http://www.enteract.com/~robt/Docs/Howto/Sun/sniffer-trick.txt) by Rob Thomas, it was brought to my attention that a sniffer can be silently sitting on an unplumb'ed interface on Solaris. Not only is this dangerous for large networks, it is often hard to find. Has anyone ever contacted Sun about this potential problem...I'm fixing to try this on Solaris 8 to determine if the problem still exists.
>
> Robert

I don't actually consider this to be a problem. This is how some network IDSes are able to work (RealSecure for one) and can avoid all risk of IP based attacks (since there's no ipaddr on the if).

But, the interfaces are able to be found, you just need to look for the MAC address and not the IP. ;-)

Checking the ARP tables of your switches and routers should bring a rogue interface that doesn't have an ipaddr assigned to it.

Regards,
George Ellenburg

--
PGP Preferred for communication. Please use the attached public key when sending me Email. Unencrypted messages are readable by third-parties. If you don't see the need for encrypting your Email, ask yourself why correspondence is mailed in envelopes instead of written on postcards. Privacy is a right, not a privilege! If we don't exercise our rights to privacy, they will soon be gone.
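An added example, not part of the original message: one way to run the check described above, by comparing the MAC addresses a switch has learned against a router's ARP table and reporting those with no IP mapping. The table formats, addresses and port names are constructed for illustration.

```python
import re

# Constructed sample data (not from the original post).
# Switch forwarding table, one "<mac> <port>" pair per line.
SWITCH_MAC_TABLE = """\
0800.20a1.b2c3 Fa0/1
0800.20d4.e5f6 Fa0/2
00:10:5a:11:22:33 Fa0/3
0800.2077.8899 Fa0/7
"""
# Router ARP table, one "<ip> <mac>" pair per line.
# Solaris-style output drops leading zeros in each octet.
ROUTER_ARP_TABLE = """\
192.0.2.10 8:0:20:a1:b2:c3
192.0.2.11 8:0:20:d4:e5:f6
192.0.2.12 00-10-5A-11-22-33
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits for colon, dash or dotted notation."""
    text = text.strip().lower()
    if re.fullmatch(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}", text):
        return text.replace(".", "")
    parts = re.split(r"[:-]", text)
    if len(parts) == 6 and all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        return "".join(p.zfill(2) for p in parts)
    raise ValueError(f"unrecognised MAC address: {text!r}")

def parse_table(text, mac_col, value_col):
    """Map normalized MAC -> the other column (port or IP address)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            table[normalize_mac(fields[mac_col])] = fields[value_col]
    return table

def macs_without_ip(switch_text, arp_text):
    """Return sorted (mac, port) pairs seen on the switch with no ARP entry."""
    ports = parse_table(switch_text, mac_col=0, value_col=1)
    known = parse_table(arp_text, mac_col=1, value_col=0)
    return sorted((mac, port) for mac, port in ports.items() if mac not in known)

if __name__ == "__main__":
    for mac, port in macs_without_ip(SWITCH_MAC_TABLE, ROUTER_ARP_TABLE):
        print(f"{mac} on {port}: no IP address in ARP table")
```

A switch learns a MAC address only after the interface has sent at least one frame, so this comparison finds IP-less interfaces that transmit, not ones that stay completely silent.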