>I am trying to determine how I can tell if my 2.5.1, 2.6, and 2.7
>solaris boxs are in promiscious mode. Any ideas?
I'm assuming you mean determining remotely? If you're on
the box, I think there is a command to see it. Of course, those
commands are sometimes modified to hide the fact.
>I seached through
>the archives and found a discussion last month but I didnt see any
>resolution to the issue.
Take a good look at the documentation for Antisniff from the
L0pht. Most of the known techniques for finding promiscuous
boxes are outlined there.
>Is there a way I can modify my solaris
>boxes so they cant go into promiscious mode?
You could try some kernel mods, but this wouldn't stop some
attackers who break root... they can put it back. You typically
need root to go promiscuous anyway, so i don't know that it would
be worth the effort.
>I assume this would
>break arp?
No, ARP relies on layer 2 broadcasts, so all machines will get the packets
without that.
Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
