This is impossible through software. If a user gains root
access, and if the NIC has a promiscuous mode which is software
selectable, then that user can put the NIC into promiscuous mode.
Proof is left as an Exercise for the Reader.
If root-enabled packet sniffers are a security concern at
your site, then you'll need to either get a card which doesn't
have p-mode or which can disable p-mode through hardware (e.g.,
a jumper), or you'll have to pull out your soldering iron.
Peace,
* Kurt Starsinic (kstar@isinet.com) ------------------ Technical Specialist *
| ``And you can believe me, because I never lie, and I'm always right.'' |
| -- Firesign Theatre |
Institute for Scientific Information http://www.isinet.com/
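
A host-side check for the condition discussed above, added here as an example and not part of the original message: it reads each interface's flags word from Linux sysfs and reports interfaces with IFF_PROMISC (0x100) set. The function names and the `expected` allowlist are assumptions for illustration, and because the check runs on the same host, a root user can tamper with it, so it detects rather than prevents.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit, from <linux/if.h>


def promisc_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted names of interfaces whose flags word has IFF_PROMISC set."""
    found = []
    try:
        names = os.listdir(sysfs_net)
    except OSError:
        return found  # sysfs not mounted or directory missing
    for name in names:
        path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(path) as fh:
                flags = int(fh.read().strip(), 16)  # file holds e.g. "0x1103"
        except (OSError, ValueError):
            continue  # plain files such as bonding_masters, or unreadable entries
        if flags & IFF_PROMISC:
            found.append(name)
    return sorted(found)


def unexpected_promisc(sysfs_net="/sys/class/net", expected=()):
    """Promiscuous interfaces that are not on the allowlist.

    `expected` is a hypothetical allowlist for interfaces that are
    legitimately promiscuous (bridge ports, dedicated capture NICs).
    """
    allowed = set(expected)
    return [n for n in promisc_interfaces(sysfs_net) if n not in allowed]


if __name__ == "__main__":
    for nic in unexpected_promisc():
        print("promiscuous mode enabled on", nic)
```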