Bugtraq mailing list archives

Re: Hidden sniffer on unplumb'ed interface on Solaris

From: Mike Bristow <mike () URGLE COM>
Date: Fri, 5 Jan 2001 19:56:55 +0000

On Thu, Jan 04, 2001 at 09:40:33PM -0800, Robert Banniza wrote:

After reading the following article
(http://www.enteract.com/~robt/Docs/Howto/Sun/sniffer-trick.txt) by Rob
Thomas, it was brought to my attention that a sniffer can be silently
sitting on an unplumb'ed interface on Solaris. Not only is this dangerous
for large networks, it is often hard to find. Has anyone ever contacted Sun
about this potential problem...I'm fixing to try this on Solaris 8 to
determine if the problem still exists.


Equally, it's nice to be able to have your IDS be able to see the
network it's detecting intrusions on, without being visable from
that network.

Like most features, there are good & bad points; overall I like the
ability.

--
Mike Bristow, seebitwopie

Current thread:

Hidden sniffer on unplumb'ed interface on Solaris Robert Banniza (Jan 05)
- Re: Hidden sniffer on unplumb'ed interface on Solaris Mike Bristow (Jan 08)
- Re: Hidden sniffer on unplumb'ed interface on Solaris George Ellenburg (Jan 08)
  - Re: Hidden sniffer on unplumb'ed interface on Solaris Casper Dik (Jan 09)
- <Possible follow-ups>
- Re: Hidden sniffer on unplumb'ed interface on Solaris Darren Moffat (Jan 08)
- Re: Hidden sniffer on unplumb'ed interface on Solaris Chris St. Clair (Jan 08)