Vulnerability Development mailing list archives

Re: ethernet cards & promisc mode


From: lordvadr () POBOX COM (C.J. Oster)
Date: Thu, 4 May 2000 10:35:40 -0500


I'm fairly sure it's a driver issue, not the card allowing you to do so or
not.  You could always take the kernel module and turn off its ability to
enter promisc mode.  You may have to hack the ethernet layer also.
Promisc mode just means the driver stops checking its hardware address
against the destination address, so I believe that this is a driver issue.
You can only enter promisc mode as root anyway, so if an attacker got that
far, nothing prevents him from building a working driver and using that.
You could force the attacker to build an entire kernel and reboot the
machine by building the card driver into the kernel rather than a module,
but one can still work around that as well.

-CJO-

On Wed, 3 May 2000, Security Team wrote:

Are there any ethernet cards on the market that work well with linux, that
don't allow you to go into promisc mode?

kw



             C.J. Oster (Linux Guru/Surge Addict) cjo () pobox com
   ----------------------------------------------------------------------
          Network Security Manager      Unix System Administrator
             For BHNet, Bromley Hall    Workstation Services Group/CCSO
          Hoover and Associates         University of Illinois at
          security () bromleygroup com        Urbana-Champaign
          (217)355.1132                 (217)265.8427
   ----------------------------------------------------------------------

         PGP: 87D5 4216 43A1 42D6 754D  8F5E 24B3 992A B7A1 F556

       "If builders built buildings like programmers write programs,
        the first woodpecker that came along would have destroyed
        civilization."  --Murphy
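
A defender-side check related to the thread above, as an added example that is not part of the original post: it lists interfaces whose promiscuous flag is currently set. It assumes the Linux sysfs layout (/sys/class/net/<iface>/flags holding a hex value) and IFF_PROMISC = 0x100 from <linux/if.h>; the function names are hypothetical. The flag is reported by the running kernel, so, per the post's point about root replacing the driver, the result is only as trustworthy as that kernel.

```shell
#!/bin/sh
# Added example: report interfaces that have IFF_PROMISC set.
# Assumption: Linux sysfs, where /sys/class/net/<iface>/flags is a hex
# string such as 0x1103 (UP|BROADCAST|PROMISC|MULTICAST).

IFF_PROMISC=0x100   # value from <linux/if.h>

# is_promisc FLAGS
#   exit 0 if the promiscuous bit is set, 1 if clear, 2 if FLAGS is not hex
is_promisc() {
    hex=${1#0x}                       # accept the value with or without 0x
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( 0x$hex & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [ROOT]
#   print one interface name per line for every interface under ROOT
#   (default /sys/class/net) whose flags include IFF_PROMISC
promisc_ifaces() {
    root=${1:-/sys/class/net}
    for f in "$root"/*/flags; do
        [ -r "$f" ] || continue       # unmatched glob or unreadable file
        flags=$(cat "$f" 2>/dev/null) || continue
        if is_promisc "$flags"; then
            iface=${f%/flags}         # strip the trailing /flags
            printf '%s\n' "${iface##*/}"
        fi
    done
}

# Stand-alone use: scan the live system (or a directory given as $1).
promisc_ifaces "$@"
```

Run it from cron or a host agent and alert when an interface appears that is not expected to capture traffic.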

