Vulnerability Development mailing list archives

Re: spoofing the ethernet address

From: timothy.miller () AFIWC01 AF MIL (Timothy J. Miller)
Date: Mon, 13 Mar 2000 07:36:31 -0600


"Buhrmaster, Gary" <gtb () SLAC STANFORD EDU> writes:

It is my hazy recollection that while some TR cards didn't
have a promiscuous mode, the important item was that the
specification required that if you enabled promiscuous
mode, the card was supposed to announce that fact on the
ring so that everyone now knew that someone was listening
(and the "management station" could go out and smack someone).


Correct.

Of course there were ways to get around that announcement,
there always are, but it showed some thought about the
issues.


In my experience, TR cards are fairly notorious for not doing what
they're supposed to.  For example, we had a condition on one of our
rings where MAC address test packets were being incorrectly responded
to, but only certain revisions of the TR cards on the ring were
properly kicking themselves out.  *That* one took some time to figure
out, (using a TR sniffer, as it happened) let me tell you.  8/

Current thread:

Re: MS Frontpage shtml.dll Path Leak Vulnerability, (continued)
- - - Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
    - (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
    - Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)
    - Extending the FTP "ALG" vulnerability to any FTP client Mikael Olsson (Mar 10)
    - DoS in ArGoSoft FTP Server, Version 1.04 (1.0.4.4) for win* Knud Erik Hřjgaard (Feb 11)
    - Re: Extending the FTP "ALG" vulnerability to any FTP client Dug Song (Mar 11)
    - Security auditing of network infrastructure Martin M Samson (Mar 11)
    - information being stored from cgi forms Bob Johnson (Mar 10)
    - Re: information being stored from cgi forms Crispin Cowan (Mar 10)
- Re: spoofing the ethernet address Timothy J. Miller (Mar 13)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 14)
  - Re: spoofing the ethernet address John Flux (Mar 14)
  - Re: spoofing the ethernet address Juan M. Courcoul (Mar 15)
  - Linux Mandrake 6.1 PAM/userhelper exploit Paulo Ribeiro (Mar 16)
  - AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
    - Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
    - Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 15)
- Re: spoofing the ethernet address James A. Robbins (Mar 15)
- Re: spoofing the ethernet address Pierre Landau (Mar 21)

(Thread continues...)