[18452] in bugtraq
Re: Hidden sniffer on unplumb'ed interface on Solaris
daemon@ATHENA.MIT.EDU (Mike Bristow)
Mon Jan 8 11:48:11 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010105195655.A35601@lindt.urgle.com>
Date: Fri, 5 Jan 2001 19:56:55 +0000
Reply-To: Mike Bristow <mike@URGLE.COM>
From: Mike Bristow <mike@URGLE.COM>
X-To: Robert Banniza <robert@ROOTPROMPT.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <GMEDKMKMEBENJMBLDHAIAEHECKAA.robert@rootprompt.net>; from
robert@ROOTPROMPT.NET on Thu, Jan 04, 2001 at 09:40:33PM -0800
On Thu, Jan 04, 2001 at 09:40:33PM -0800, Robert Banniza wrote:
> After reading the following article
> (http://www.enteract.com/~robt/Docs/Howto/Sun/sniffer-trick.txt) by Rob
> Thomas, it was brought to my attention that a sniffer can be silently
> sitting on an unplumb'ed interface on Solaris. Not only is this dangerous
> for large networks, it is often hard to find. Has anyone ever contacted Sun
> about this potential problem...I'm fixing to try this on Solaris 8 to
> determine if the problem still exists.
Equally, it's nice to be able to have your IDS be able to see the
network it's detecting intrusions on, without being visable from
that network.
Like most features, there are good & bad points; overall I like the
ability.
--
Mike Bristow, seebitwopie
