Vulnerability Development mailing list archives

Re: ethernet cards & promisc mode

From: stuart () ECLIPSE NET UK (Stuart Henderson)
Date: Thu, 4 May 2000 20:49:06 +0100


On Thu, May 04, 2000 at 10:35:40AM -0500, C.J. Oster wrote:

You could force the attacker to build an entire kernel and reboot the
machine by building the card driver into the kernel rather than a module,
but one can still work around that as well.


This depends if you can force boots to take place from a
read-only media such as CDROM. (Even without that protection,
securelevel should be good enough to prevent modififications
to the kernel by users without console access. Do OS other
than BSD have securelevel?).

Current thread:

Re: New worm?, (continued)
- - - Re: New worm? Erik Kooijman (May 04)
    - email worm, NOT iloveyou Hinken, Brian (May 04)
    - Re: New worm? 3APA3A (May 04)
    - I Love you virus cure for exchange server NT sven (May 04)
    - "I Love You" worm Voodoo Chile (May 04)
    - Re: New worm? Ron DuFresne (May 04)
    - Re: New worm? Bluefish (May 04)
    - lovethingy spread analyses Roelof Temmingh (May 04)
    - I love you. Blue Boar (May 04)
    - Re: ethernet cards & promisc mode C.J. Oster (May 04)
    - Re: ethernet cards & promisc mode Stuart Henderson (May 04)
    - Re: ethernet cards & promisc mode Granquist, Lamont (May 04)
    - Help me audit a mail filter in C, please? Bennett Todd (May 04)
    - Re: ethernet cards & promisc mode David LaPorte (May 04)
    - Re: ethernet cards & promisc mode Granquist, Lamont (May 05)
    - Re: ethernet cards & promisc mode Bluefish (May 07)
    - "I don't think I really love you" Michal Zalewski (May 07)
    - Re: ethernet cards & promisc mode Granquist, Lamont (May 07)
    - Possible new strain of [CENSORED] Blue Boar (May 05)
    - Re: ethernet cards & promisc mode Dragos Ruiu (May 04)
    - Opportunist? Blue Boar (May 04)

(Thread continues...)