Re: Disabling Promisc mode

Kurt Starsinic (kstar@isinet.com)
Wed, 27 May 1998 17:08:10 -0400


David Woodhouse wrote:
> > >I don't mean that.
> > >I want something such that no one, not even root, can take the machine into promisc
> > >mode.
> >
> > >get the idea?
> >
> >
> > Don't give root access to people you can't trust.
>
> That's a fine plan if you can guarantee it. However, if someone _does_ get root
> access to a box on a sensitive subnet, then it's nice to know they can't start
> a packet sniffer without recompiling the kernel and rebooting.

This is impossible through software. If a user gains root
access, and if the NIC has a promiscuous mode which is software
selectable, then that user can put the NIC into promiscuous mode.
Proof is left as an Exercise for the Reader.

If root-enabled packet sniffers are a security concern at
your site, then you'll need to either get a card which doesn't
have p-mode or which can disable p-mode through hardware (e.g.,
a jumper), or you'll have to pull out your soldering iron.

Peace,
* Kurt Starsinic (kstar@isinet.com) ------------------ Technical Specialist *
| ``And you can believe me, because I never lie, and I'm always right.'' |
| -- Firesign Theatre |
Institute for Scientific Information http://www.isinet.com/
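The thread's point is that a software-side prohibition cannot stop root from enabling promiscuous mode; what a defender can still do is detect it. The script below is an added example, not part of the original thread or the kernel source: it reads the interface flags that the Linux kernel exposes under `/sys/class/net/<iface>/flags` and tests the `IFF_PROMISC` bit (0x100 in `<linux/if.h>`). The sysfs path and flag value are real kernel interfaces; the function names and the sample flag values in the comments are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): report Linux network interfaces
# that currently have the IFF_PROMISC flag set.
# IFF_PROMISC is bit 0x100 in <linux/if.h>; /sys/class/net/<iface>/flags
# shows the interface's flags word as a hex number such as 0x1103.
IFF_PROMISC=256

# is_promisc_flags FLAGS
#   FLAGS is the hex flags word as read from sysfs (e.g. 0x1103).
#   Exit status 0 when the IFF_PROMISC bit is set, 1 otherwise.
is_promisc_flags() {
    flags=$(( $1 ))
    [ $(( flags & IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces
#   Print the name of every interface on this host that is in promiscuous mode.
#   Prints nothing (and exits 0) when no interface is promiscuous.
promisc_ifaces() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        iface=${f#/sys/class/net/}
        iface=${iface%/flags}
        if is_promisc_flags "$(cat "$f")"; then
            printf '%s\n' "$iface"
        fi
    done
}

# Run the check when executed directly (the functions can also be sourced).
case "$0" in
    *sh) ;;
    *) promisc_ifaces ;;
esac
```

Run it from cron or a monitoring agent and alert on any output. As the post argues, a check that runs on the same host is only as trustworthy as that host: an attacker with root can clear the flag's visible effects or alter the script, so treat this as a cheap early-warning signal, not a guarantee. The kernel also logs "device <iface> entered promiscuous mode" when the mode is enabled, which is worth forwarding to a remote log collector where a local root cannot erase it after the fact.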
