Bugtraq mailing list archives
Re: snooper watchers
From: jna () concorde com (John Adams)
Date: Thu, 23 Feb 1995 10:02:29 -0500
If you're at the point where you're worried about someone placing an
interface in promiscuous mode, it's probably too late for the rest
of your system. A greater emphasis needs to be placed on securing the
machine itself, and not creating workarounds that monitor the interfaces.
Are you going to write a program that checks to see if root's cronjob has
been modified? Probably not, and if someone has access to /dev/nit, they're
going to have access to root's cronjob as well.
The best thing for you to do is completely remove /dev/nit from the system,
and make sure noone can get access to mknod to recreate it.
Also, realize that snooping can occur _anywhere_ in your network. Unless
you're willing to shield all of the cable in your building with some
massively thick steel conduit, and place video cameras and armed guards at
every network 'T' connection, you're vunerable.
-john
Current thread:
- Re: snooper watchers Mark Graff (Feb 22)
- Re: snooper watchers Casper Dik (Feb 22)
- Re: snooper watchers Ben Taylor (Feb 22)
- Re: snooper watchers Casper Dik (Feb 23)
- Re: lsof on Solaris 2.4 (was snooper watchers ) Dave Goldberg (Feb 23)
- <Possible follow-ups>
- Re: snooper watchers John Adams (Feb 23)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Karl Strickland (Feb 28)
- Re: snooper watchers Julian Assange (Feb 28)
- Re: snooper watchers Julian Assange (Feb 23)
- Re: snooper watchers Ben Taylor (Feb 24)
- Re: snooper watchers Charles Stephens (Feb 23)
- Re: snooper watchers mascarkp () cc3 adams edu (Feb 24)
- Re: snooper watchers Eiji Hirai (Feb 24)
- Re: snooper watchers Gene Rackow (Feb 25)
- Re: snooper watchers Timothy Newsham (Feb 25)
- Re: snooper watchers Darren Reed (Feb 25)
- Re: snooper watchers Gene Rackow (Feb 25)