On Mon, Aug 16, 2004 at 02:24:00PM +0200, Ruben de Groot wrote: > On Sun, Aug 15, 2004 at 07:53:10PM -0700, Kevin Stevens typed: > > > > A lot of network scanners also trigger on NICS in promiscuous mode > > (there's a way to detect them, I forget the details at the moment) > > because admins want to know if any hosts are out there sniffing. > > How sure are you about that? AFAIK there's no way to detect a NIC in > promiscuous mode *from the outside*. I would be very interested in a network > scanner that could.
IIRC, Linux has/had a bug in it's network stack which could reveal promisc. mode to the outside. It would reply to all icmp-packets with the correct ip, whatever mac-adress used. So if you'd ping a Linux box twice, but with different mac-adresses, and it replies to both, you'd know it's set in promisc. mode. I don't know whether this applies to FreeBSD. GH > > Ruben > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
