[18621] in bugtraq
ifstatus 1.3 released
daemon@ATHENA.MIT.EDU (Rob Thomas)
Mon Jan 15 14:54:08 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.02.10101150821370.28514-100000@bilbo.sauron.net>
Date: Mon, 15 Jan 2001 08:35:03 -0600
Reply-To: Rob Thomas <robt@CYMRU.COM>
From: Rob Thomas <robt@CYMRU.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hello.
Recently, one of my articles was posted to Bugtraq. This article
detailed a method of creating a "hidden sniffer" on a Sun box.
The article may be perused here:
http://www.cymru.com/~robt/Docs/Howto/Sun/sniffer-trick.txt
To alleviate the concerns some of you have shared, I have updated
Dave Curry's ifstatus tool so that HME and QFE interfaces in
promiscuous mode, under Solaris 8, can be detected and noted.
You will find the tool in the Tools section of my web site under
the "ifstatus" hyperlink:
http://www.cymru.com/~robt/Tools
My thanks to Dave Curry, Neil Long, and Michael Hill for all of
the assistance and input!
As an aside, I do not consider the "sniffer trick" to be a bug in
the Solaris OS. Those who read the article, and grok STREAMS and
the Sun implementation of the IP stack, are likely to come to the
same conclusion.
Comments and feedback are always welcome! Please send any input
directly to me, as I don't always manage to keep up with the various
list postings.
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");
