Honeypots mailing list archives
RE: [inbox] undetectable NIC in promiscuous mode
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 5 Mar 2004 11:29:32 -0600
Jose_Maria_Gonzalez wrote:
Correct me if I am wrong but would a host with a NIC in promiscuous mode with no IP set-up be detectable?
Yes, there are protocols that do not depend on ip such as arp, dhcp, and others. Of course nothing in layer 2 depends on ip. A sure way to avoid detection is to snip your TX lines 1&2. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
<<attachment: winmail.dat>>
Current thread:
- undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Work (Mar 07)
- RE: undetectable NIC in promiscuous mode Walter, Mario {VIE-~Kaiseraugst} (Mar 08)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)