Honeypots: RE: [inbox] undetectable NIC in promiscuous mode

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

RE: [inbox] undetectable NIC in promiscuous mode

From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 5 Mar 2004 11:29:32 -0600

Jose_Maria_Gonzalez wrote:

Correct me if I am wrong but would a host with a NIC in 
promiscuous mode with no IP set-up be detectable?


Yes, there are protocols that do not depend on ip such as arp, dhcp, and
others.  Of course nothing in layer 2 depends on ip.  A sure way to avoid
detection is to snip your TX lines 1&2.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

<<attachment: winmail.dat>>

By Date By Thread

Current thread:

undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
  - RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
  - Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
  - RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
    - Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)