Subject: Re: ethernet cards & promisc mode
From: Granquist, Lamont (lamont ICOPYRIGHT.COM)
Date: Thu May 04 2000 - 15:17:48 CDT
Disabling capabilities (e.g. CAP_KILL CAP_LINUX_IMMUTABLE CAP_NET_ADMIN
CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_PTRACE CAP_SYS_ADMIN
CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_TTY_CONFIG) should go a long way towards
preventing these kinds of attacks.
On Thu, 4 May 2000, C.J. Oster wrote:
> I'm fairly sure it's a driver issue, not the card allowing you to do so or
> not. You could always take the kernel module and turn off its ability to
> enter promisc mode. You may have to hack the ethernet layer also.
> Promisc mode just means the driver stops checking its hardware address
> against the destination address, so I believe that this is a driver issue.
> You can only enter promisc mode as root anyway, so if an attacker got that
> far, nothing prevents him from building a working driver and using that.
> You could force the attacker to build an entire kernel and reboot the
> machine by building the card driver into the kernel rather than a module,
> but one can still work around that as well.
>
> -CJO-
>
> On Wed, 3 May 2000, Security Team wrote:
>
> >are there any ethernet cards on the market that work well with linux, that
> >don't allow you to go into promisc mode?
> >
> >kw
> >
> >
>
> C.J. Oster (Linux Guru/Surge Addict) cjo pobox.com
> ----------------------------------------------------------------------
> Network Security Manager        Unix System Administrator
> For BHNet, Bromley Hall         Workstation Services Group/CCSO
> Hoover and Associates           University of Illinois at
> security bromleygroup.com       Urbana-Champaign
> (217)355.1132                   (217)265.8427
> ----------------------------------------------------------------------
>
> PGP: 87D5 4216 43A1 42D6 754D 8F5E 24B3 992A B7A1 F556
>
> "If builders built buildings like programmers write programs,
> the first woodpecker that came along would have destroyed
> civilization." --Murphy
>
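An added example, not part of the original message: a small audit that decodes the capability masks in a process's /proc/<pid>/status and reports which of the capabilities named in the reply above are still present in its effective and bounding sets. The bit numbers come from <linux/capability.h>; the sample status text and the process name in it are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h> for the capabilities named in the post.
LISTED_CAPS = {
    "CAP_KILL": 5, "CAP_LINUX_IMMUTABLE": 9, "CAP_NET_ADMIN": 12,
    "CAP_NET_RAW": 13, "CAP_SYS_MODULE": 16, "CAP_SYS_RAWIO": 17,
    "CAP_SYS_PTRACE": 19, "CAP_SYS_ADMIN": 21, "CAP_SYS_BOOT": 22,
    "CAP_SYS_TIME": 25, "CAP_SYS_TTY_CONFIG": 26,
}

# Constructed sample of /proc/<pid>/status lines: a process that holds only
# CAP_NET_BIND_SERVICE (bit 10) and CAP_NET_RAW (bit 13), with a full bounding set.
SAMPLE_STATUS = (
    "Name:\tcapture-helper\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000002400\n"
    "CapEff:\t0000000000002400\n"
    "CapBnd:\t000001ffffffffff\n"
)

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)\s*$", re.M)

def parse_cap_masks(status_text):
    """Return {'CapEff': int, 'CapBnd': int, ...} from status file text."""
    return {name: int(value, 16) for name, value in CAP_LINE.findall(status_text)}

def remaining_listed_caps(mask):
    """Names of the listed capabilities whose bit is set in mask, in bit order."""
    ordered = sorted(LISTED_CAPS.items(), key=lambda item: item[1])
    return [name for name, bit in ordered if mask & (1 << bit)]

def audit(status_text):
    """Report listed capabilities still in the effective and bounding sets."""
    masks = parse_cap_masks(status_text)
    missing = {"CapEff", "CapBnd"} - masks.keys()
    if missing:
        raise ValueError("status text lacks: " + ", ".join(sorted(missing)))
    return {
        "effective": remaining_listed_caps(masks["CapEff"]),
        "bounding": remaining_listed_caps(masks["CapBnd"]),
    }

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # audit the current process
            text = fh.read()
    except OSError:
        text = SAMPLE_STATUS  # fall back to the constructed sample off Linux
    for set_name, names in audit(text).items():
        print(f"{set_name}: {' '.join(names) or '(none of the listed capabilities)'}")
```

An empty "bounding" list means none of the listed capabilities can be regained by that process or its children, even when running as root.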