If it is truely in promiscuos mode, there should not be any problem. You
can test this by pinging the ip address. (It should not respond)
alot of drivers do not allow for full promiscuity however. Remember it's
not the app that talks to the nic, it's the driver. Some companies do offer
promiscuous drivers however if yours does not. NAI also has their own
drivers built for specific nics. (of course you ahve to use they're product
to take advantage) These drivers are advanced prmiscuous drivers that allow
you to see runts and the like across the wire.
But if you are willing to take a server down by putting it's nic in
promiscuous mode, why not just unbind IP from that interface?
-Patrick
>>> "Subba Rao" 08/21/01 05:39PM >>>
Hi,
We have 2 sniffer systems on NT and on Unix. The sniffer puts the ethernet
interfaces
on both the systems in promiscuous mode. Currently we are not worried about
any local
users on the system. Are there any threats from remote users on the
promiscuous interface,
on either system? When I say "remote users", I am talking about John Doe on
our network who
has no business with either of these system. John Doe could be on Internet
as well but has
no user accounts on these systems. Would he get any vulnerable information
from the sniffer
interfaces on either system?
Thank you in advance for any info.
--
Subba Rao
[EMAIL PROTECTED]
http://members.home.net/subba9/
GPG public key ID CCB7344E
Key fingerprint = A8DD 4CBA 1E9B D962 A55B 2B55 BAFE 92C5 CCB7 344E
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16802&t=16734
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
