Bugtraq mailing list archives

Re: Hidden sniffer on unplumb'ed interface on Solaris

From: Darren Moffat <Darren.Moffat () eng sun com>
Date: Fri, 5 Jan 2001 12:39:35 -0800

(http://www.enteract.com/~robt/Docs/Howto/Sun/sniffer-trick.txt) by Rob
Thomas, it was brought to my attention that a sniffer can be silently
sitting on an unplumb'ed interface on Solaris. Not only is this dangerous


This is actually very similar to how the stealth mode of the SunScreen
firewall works it doesn't plumb up the interface so you can't directly
attack the firewall by attempting connections to an IP address (it acts
more like a bridge when working in this mode).

for large networks, it is often hard to find. Has anyone ever contacted Sun
about this potential problem...I'm fixing to try this on Solaris 8 to
determine if the problem still exists.


It isn't a problem is is a deliberate feature and is due to the way that
the STREAMS framework and snoop work, this is NOT a bug.

--
Darren J Moffat

Current thread:

Hidden sniffer on unplumb'ed interface on Solaris Robert Banniza (Jan 05)
- Re: Hidden sniffer on unplumb'ed interface on Solaris Mike Bristow (Jan 08)
- Re: Hidden sniffer on unplumb'ed interface on Solaris George Ellenburg (Jan 08)
  - Re: Hidden sniffer on unplumb'ed interface on Solaris Casper Dik (Jan 09)
- <Possible follow-ups>
- Re: Hidden sniffer on unplumb'ed interface on Solaris Darren Moffat (Jan 08)
- Re: Hidden sniffer on unplumb'ed interface on Solaris Chris St. Clair (Jan 08)