[1036] in bugtraq
Re: snooper watchers
daemon@ATHENA.MIT.EDU (Mark Graff )
Wed Feb 22 16:31:42 1995
Date: Wed, 22 Feb 1995 11:07:27 -0800
From: Mark.Graff@Eng.Sun.COM ( Mark Graff )
To: bugtraq@fc.net, bent@snm.com
Cc: Mark.Graff@Eng.Sun.COM
Ben,
You're right, the old method won't work under Solaris 2.x and a
replacement is (sort of) in the works. That is, I've heard of
efforts both inside and outside of Sun, but no definite plan yet.
Internally, we've been looking into a couple of possibilities.
I don't know whether a decision has been made as to what to do;
I do know that it's a harder problem to solve than it might
appear, because of differences in the kernel/driver interface.
There is a fellow outside of Sun who has done some good work
on this and I will contact him to see if he is in a position
to discuss it or share it.
-mg-
From owner-bugtraq@fc.net Wed Feb 22 10:50:28 1995
Date: Wed, 22 Feb 1995 12:35:55 -0500 (EST)
To: bugtraq@fc.net
Subject: snooper watchers
Precedence: bulk
I'm doing some work for a client who has had some suggestions that they
run a program to watch the state of ifconfig, and send mail if the
interface ever goes promiscuous. This works just fine under SunOS 4.x,
however, their concern is that this does not appear to work for Solaris 2.x.
I have noticed that snoop in promiscuous mode does not affect the
status from ifconfig, so the current method for looking for a
promiscuous interface wont do them any good. I'll be looking into
this, but I figured I'd ask here to see if anyone has done something
like this. (I haven't seen a snooper for 2.x like the SunOS one, but with
tools like snoop, I assume that one is in the works someplace.)
Thanks,
Ben
--
Ben Taylor --- Chief Information Officer --- Smoke N' Mirrors, Inc.
-=-=-=-=-=-=-=- Services for Systems Integration -=-=-=-=-=-=-=-=-
bent@snm.com "Where the impossible jobs get done!" (703) 318-1440
580 Herndon Pkwy, Suite 300, Herndon VA, 22070
