Bugtraq mailing list archives

Re: promiscuous mode


From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Thu, 4 May 1995 17:38:58 -0700


Dave said:

The "stream" is not in promiscuous mode, but an interface might be
(that's the gist of all this traffic about TDRs, etc.)  If you want to
check your own system's interface, try one of these:
 
      http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Cpm
      http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Ifstatus
 
Naw, that won't help. Both of those programs are for SunOS 4.1.x,
and work fine. But Geoff was asking about Solaris 2.x. That's a
different kettle of fish (and I mean that in the nicest way).

For those of you who haven't seen it, here is a posting I made on the
same subject today on comp.security.unix. All the same considerations
apply--including the parts where I say this has been discussed here
before and how I would rather continue this discussion individually.

-mg-

[posting begins]

This has been discussed several times here, but it's been a while.
Here is my current understanding of the situation.

First, this problem is completely solved for SunOS 4.1.x. I am aware
of two main approaches. Let me know privately if you want details.

The situation is much more complicated for Solaris 2.x.

1. The PROMISC feature in the Solaris 2.x ifconfig is broken. The ifconfig
program will not report the controller to be in promiscuous mode, even if
it is. (This feature works fine in 4.1.x.)

2. No generally available public domain software does the job either. I
have seen some promising starts toward a promiscuous-mode detection
scheme for Solaris 2.x, and I believe it is possible, and even feasible.
But nothing is available today so far as I know.

3. Since the problem was pointed out last year Sun has taken a careful
look at the problem. The technical difficulty--and now we approach the
edge of my expertise--is that the DLPI interface between the kernel and
the device drivers does not provide for transport of the needed data.
That is, the protocol does not provide for a general
(device-independent) way for the kernel to find out from the ethernet
controller the state of the "promiscuous mode" flag.

4. I have seen some code--not from Sun--which comes very close to
solving the problem by checking the status flags on each interface
card. Unfortunately the only way to do this seems to be to read
directly through the kvm interface. This means (as I understand it)
that a program that ran on all configurations would require specific
code for each supported ethernet interface card. That might seem like a
small set; but when you consider that Solaris 2.4 now runs on x86 as 
a coequal platform, this is a real complication.

5. The code I refer to above will not run successfully on at least
of our major hardware platforms. I am not sure why but know that
that is being looked at now, today. It may be a bug on our side;
and I can't think of any reason we wouldn't fix it, if it is.

My understanding is that Sun has no current plans to either (1) develop
our own general solution or (2) release and/or support a public domain
program to do the job. If, however, I personally become aware of a
solution to the problem which is reliable and generally useful, I will
make that information known here.

This is the situation as I understand it today. Please contact me
personally for any followup. I am not trying to give an official
position statement here--just fill some folks in on what I know of
the issues.

-mg-

Mark Graff
Sun Security Coordinator
415-688-9151
security-alert () sun com
mark.graff () sun com

[posting ends]

 From owner-bugtraq () fc net  Thu May  4 16:37:34 1995
 Subject: Re: promiscuous mode
 To: mulligan () incog com
 Date: Thu, 4 May 1995 15:42:38 -0700 (PDT)
 Cc: bugtraq () fc net
 X-Url: http://www.cac.washington.edu/People/dad/
 Precedence: bulk
 
Someone said that they knew how via streams messages to find out if the
stream is in promiscuous mode?  I don't think that this is possible, but
could they please reply? 
 
 The "stream" is not in promiscuous mode, but an interface might be
 (that's the gist of all this traffic about TDRs, etc.)  If you want to
 check your own system's interface, try one of these:
 
        http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Cpm
        http://ciac.llnl.gov/ciac/ToolsUnixSysMon.html#Ifstatus
 
 -- 
 Dave Dittrich                  Client Services
 dittrich () cac washington edu    Computing & Communications
                                University of Washington
 
 <a href="http://www.cac.washington.edu/People/dad/";>
 Dave Dittrich / dittrich () cac washington edu</a>
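
The flag check discussed in the posting (the PROMISC flag that ifconfig reports on SunOS 4.1.x), as an added example that is not part of the original messages and is not the code of cpm or ifstatus. It assumes a system with the BSD-style SIOCGIFFLAGS ioctl (for example Linux); the function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Added example. Returns 1 if the flag word carries IFF_PROMISC, else 0. */
int flags_promisc(unsigned int flags)
{
    return (flags & IFF_PROMISC) ? 1 : 0;
}

/* Query one interface with SIOCGIFFLAGS.
 * Returns 1 = promiscuous, 0 = not promiscuous, -1 = could not query. */
int check_promisc(const char *ifname)
{
    struct ifreq ifr;
    int fd, rc;

    if (ifname == NULL || strlen(ifname) >= IFNAMSIZ)
        return -1;
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
    rc = ioctl(fd, SIOCGIFFLAGS, &ifr);
    close(fd);
    if (rc < 0)
        return -1;
    return flags_promisc((unsigned short)ifr.ifr_flags);
}

/* Report every interface the kernel lists. */
int main(void)
{
    struct if_nameindex *list = if_nameindex(), *p;
    if (list == NULL)
        return 1;
    for (p = list; p->if_index != 0; p++) {
        int r = check_promisc(p->if_name);
        printf("%-10s %s\n", p->if_name,
               r < 0 ? "query failed" : r ? "PROMISC" : "normal");
    }
    if_freenameindex(list);
    return 0;
}
```

A check like this is only as reliable as the flag the kernel hands back, which is the gap the posting describes for Solaris 2.x. On Linux, promiscuity enabled through a packet-socket membership is not reflected in the SIOCGIFFLAGS result.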


