Bugtraq mailing list archives
Re: snooper watchers
From: jna () concorde com (John Adams)
Date: Thu, 23 Feb 1995 10:02:29 -0500
If you're at the point where you're worried about someone placing an interface in promiscuous mode, it's probably too late for the rest of your system. A greater emphasis needs to be placed on securing the machine itself, and not creating workarounds that monitor the interfaces. Are you going to write a program that checks to see if root's cronjob has been modified? Probably not, and if someone has access to /dev/nit, they're going to have access to root's cronjob as well. The best thing for you to do is completely remove /dev/nit from the system, and make sure noone can get access to mknod to recreate it. Also, realize that snooping can occur _anywhere_ in your network. Unless you're willing to shield all of the cable in your building with some massively thick steel conduit, and place video cameras and armed guards at every network 'T' connection, you're vunerable. -john
Current thread:
- Re: snooper watchers Mark Graff (Feb 22)
- Re: snooper watchers Casper Dik (Feb 22)
- Re: snooper watchers Ben Taylor (Feb 22)
- Re: snooper watchers Casper Dik (Feb 23)
- Re: lsof on Solaris 2.4 (was snooper watchers ) Dave Goldberg (Feb 23)
- <Possible follow-ups>
- Re: snooper watchers John Adams (Feb 23)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Karl Strickland (Feb 28)
- Re: snooper watchers Julian Assange (Feb 28)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Ben Taylor (Feb 24)
- Re: snooper watchers Charles Stephens (Feb 23)
- Re: snooper watchers mascarkp () cc3 adams edu (Feb 24)
- Re: snooper watchers Eiji Hirai (Feb 24)
- Re: snooper watchers Gene Rackow (Feb 25)
- Re: snooper watchers Timothy Newsham (Feb 25)
- Re: snooper watchers Darren Reed (Feb 25)
- Re: snooper watchers Gene Rackow (Feb 25)