I was wondering if anyone knows of a way to tell wether the network device
is in promiscuous mode or not on a Solaris box that I have root access to.
I heard someone say that netstat shows this, but running snoop I cannot find
anything in netstat's output that tells me that I'm in promiscuous mode.
/Patrick
No, nobody does. From man page reading, I see that it is torturous and not
necessarily possible (although I think it is indeed possible, but writing the
appropriate program would be very non-trivial).
Incidentally, CERT's "cpm" utility always reports that the ethernet devices
are not in promiscuous mode, whether they are or not. It should probably
be modified to emit an error message when run on solaris, saying "this
doesn't work on solaris".
Tom
>Try ifconfig, I don't use solaris. But maybe it works.
>Tom
Use ifstatus - it works on 2.6 (and with hme interfaces with uptodate
patches.
v2.2 is out and I think it is in the COAST security archive under
mirrors/www.ers.ibm.com/ifstatus
There were some strange patches from Sun when it was either 'never' or
'always' promiscuous regardless of reality but ifstatus works fine since
quite some time.
Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Dr Neil J Long, Computing Services, University of Oxford
* Banbury Road, Oxford, OX2 6NN, UK
* Tel: +44 1865 273232 Fax: +44 1865 273275
* EMail: Neil...@computing-services.oxford.ac.uk
http://www.sunworld.com/sunworldonline/common/security-faq.html
--
___________________________________________________________________
Mark E Drummond Royal Military College of Canada
drumm...@rmc.ca Computing Services
Linux Uber Alles perl || die
...there are two types of command interfaces in the world of
computing: good interfaces and user interfaces.
- Dan Bernstein, Author of qmail
PGP Fingerprint = 503D A72D AF41 2AD1 D433 C514 98D9 9A39 B25A 2405
Really? When *I* read the solaris security faq just now it said "Apparently
this program does not work on Solaris".
The paragraph is rather poorly written, because the first sentence seems to
state that it does. But if you read the whole paragraph, the opinion of the
author is clearly that "ifstatus" does not report whether the interface is
in promiscuous mode in Solaris.
--
very frequently asked questions at
ftp://rtfm.mit.edu/pub/faqs/computer-security/most-common-qs
>Mark Drummond <drumm...@rmc.ca> writes:
>>According to the Solaris Security FAQ there is a utility called ifstatus
>>which can detect this.
>Really? When *I* read the solaris security faq just now it said "Apparently
>this program does not work on Solaris".
I picked up 'ifstatus' about a month ago. It didn't work. I picked
it up again yesterday (from purdue), and it was a different version
that has enough solaris specifics that it probably does work.
> ric...@cs.niu.edu (Neil Rickert) writes:
> >I picked up 'ifstatus' about a month ago. It didn't work. I picked
> >it up again yesterday (from purdue), and it was a different version
> >that has enough solaris specifics that it probably does work.
>
> Wow! It does!
>
> This is very useful information....
Good news, but I'm puzzled that when I inspect Purdue, I find
ftp://coast.cs.purdue.edu/pub/Purdue/ifstatus
which claims to be version 2.2 dated 21 Sep 1998. Doesn't this make it
hard to understand why a version fetched 1 month ago would be different
from one fetched today...?
best regards
In article <1999Jun14....@jarvis.cs.toronto.edu>,
fl...@dgp.toronto.edu (Alan J Rosenthal) writes:
> ric...@cs.niu.edu (Neil Rickert) writes:
>>I picked up 'ifstatus' about a month ago. It didn't work. I picked
>>it up again yesterday (from purdue), and it was a different version
>>that has enough solaris specifics that it probably does work.
>
> Wow! It does!
>
> This is very useful information.... tell all your friends...
--
ftp> get |fortune
377 I/O error: smart remark generator failed
Bogonics: the primary language inside the Beltway
mailto:rlh...@mindwarp.smart.net http://www.smart.net/~rlhamil