Bugtraq mailing list archives
Re: snooper watchers
From: econrad () bu edu (Eric Conrad)
Date: Wed, 22 Feb 1995 16:48:33 -0500 (EST)
I'm doing some work for a client who has had some suggestions that they run a program to watch the state of ifconfig, and send mail if the interface ever goes promiscuous. This works just fine under SunOS 4.x, however, their concern is that this does not appear to work for Solaris 2.x.
The first thing many crackers do is replace ifconfig with a trojan that
won't report when an interface is in promiscuous mode.
You could look at 'cpm', which will also show when an interface is
promiscuous. It's available from ftp.cert.org. You're still in the same
boat if someone replaces it with their own, however.
...Eric
Current thread:
- MAILING REQUEST, (continued)
- MAILING REQUEST Anonymous the XXIIV (Feb 18)
- Re: mail.local.c patch Neil Woods (Feb 18)
- Re: mail.local.c patch Christopher Samuel (Feb 20)
- HP-UX Problem... Mr Martin J Hargreaves (Feb 19)
- Re: HP-UX Problem... Aaron Sherman (Feb 20)
- Re: HP-UX Problem... Andrew Hughes (Feb 20)
- Bugtraq mailing list William B. Chmura (Feb 21)
- fcntl() file locking under Solaris 2.4 Jas (Feb 21)
- Re: fcntl() file locking under Solaris 2.4 Jas (Feb 22)
- snooper watchers Ben Taylor (Feb 22)
- Re: snooper watchers Eric Conrad (Feb 22)
- Re: snooper watchers Ben Taylor (Feb 22)
- CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Paul 'Shag' Walmsley (Feb 22)
- Re: CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Dave Schweisguth (Feb 23)
- Sendmail 8.6.9 security hole Igor V. Semenyuk (Feb 22)
- Re: Sendmail 8.6.9 security hole Christopher Samuel (Feb 23)
- Re: HP-UX Problem... Aaron Sherman (Feb 20)
- Sun Security Bulletin #129 (sendmail) Mark Graff (Feb 22)
- new sendmail bug? James W. Abendschan (Feb 22)
- Re: new sendmail bug? joel (Feb 22)
- Re: new sendmail bug? Dave Horsfall (Feb 22)
- Sendmail 8.6.10: what's different? der Mouse (Feb 23)