Bugtraq mailing list archives
Re: promiscuous mode
From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Thu, 4 May 1995 17:38:58 -0700
Dave said:
The "stream" is not in promiscuous mode, but an interface might be (that's the gist of all this traffic about TDRs, etc.) If you want to check your own system's interface, try one of these:
http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Cpm
http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Ifstatus
Naw, that won't help. Both of those programs are for SunOS 4.1.x, and work fine. But Geoff was asking about Solaris 2.x. That's a different kettle of fish (and I mean that in the nicest way).

For those of you who haven't seen it, here is a posting I made on the same subject today on comp.security.unix. All the same considerations apply--including the parts where I say this has been discussed here before and how I would rather continue this discussion individually.

-mg-

[posting begins]

This has been discussed several times here, but it's been a while. Here is my current understanding of the situation.

First, this problem is completely solved for SunOS 4.1.x. I am aware of two main approaches. Let me know privately if you want details.

The situation is much more complicated for Solaris 2.x.

1. The PROMISC feature in the Solaris 2.x ifconfig is broken. The ifconfig program will not report the controller to be in promiscuous mode, even if it is. (This feature works fine in 4.1.x.)

2. No generally available public domain software does the job either. I have seen some promising starts toward a promiscuous-mode detection scheme for Solaris 2.x, and I believe it is possible, and even feasible. But nothing is available today so far as I know.

3. Since the problem was pointed out last year Sun has taken a careful look at the problem. The technical difficulty--and now we approach the edge of my expertise--is that the DLPI interface between the kernel and the device drivers does not provide for transport of the needed data. That is, the protocol does not provide for a general (device-independent) way for the kernel to find out from the ethernet controller the state of the "promiscuous mode" flag.

4. I have seen some code--not from Sun--which comes very close to solving the problem by checking the status flags on each interface card. Unfortunately the only way to do this seems to be to read directly through the kvm interface. This means (as I understand it) that a program that ran on all configurations would require specific code for each supported ethernet interface card. That might seem like a small set; but when you consider that Solaris 2.4 now runs on x86 as a coequal platform, this is a real complication.

5. The code I refer to above will not run successfully on at least of our major hardware platforms. I am not sure why but know that that is being looked at now, today. It may be a bug on our side; and I can't think of any reason we wouldn't fix it, if it is.

My understanding is that Sun has no current plans to either (1) develop our own general solution or (2) release and/or support a public domain program to do the job. If, however, I personally become aware of a solution to the problem which is reliable and generally useful, I will make that information known here.

This is the situation as I understand it today. Please contact me personally for any followup. I am not trying to give an official position statement here--just fill some folks in on what I know of the issues.

-mg-

Mark Graff
Sun Security Coordinator
415-688-9151
security-alert () sun com
mark.graff () sun com

[posting ends]

From owner-bugtraq () fc net Thu May 4 16:37:34 1995
Subject: Re: promiscuous mode
To: mulligan () incog com
Date: Thu, 4 May 1995 15:42:38 -0700 (PDT)
Cc: bugtraq () fc net
X-Url: http://www.cac.washington.edu/People/dad/
Precedence: bulk

Someone said that they knew how via streams messages to find out if the stream is in promiscuous mode? I don't think that this is possible, but could they please reply?

The "stream" is not in promiscuous mode, but an interface might be (that's the gist of all this traffic about TDRs, etc.) If you want to check your own system's interface, try one of these:

http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Cpm
http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Ifstatus

--
Dave Dittrich                    Client Services
dittrich () cac washington edu   Computing & Communications
                                 University of Washington

<a href="http://www.cac.washington.edu/People/dad/"> Dave Dittrich / dittrich () cac washington edu</a>