> > Why ifconfig never shows up PROMISC flag on 2.X, even if it *is* in PROMISC > mode ? Sun has already acknowledged that their interface drivers do not support a promisc flag and it will be awhile before it is incorporated (if ever?). HP-UX is the only Unix vendor that I think that does not use a promiscuous interface. If you are relying on ifconfig to test for sniffers, many intruders already replace ifconfig. A decent solution that more vendors should incorporate is S/key will stop much of the compromising due to sniffed passwords. > > What's up with a "+" in /etc/hosts.equiv in Solaris 1.1.2 aka 4.1.4, or Here is an example of a well known vulnerability that everyone has complained about once and it still persists after How many years? > Why DEC ships off Ultrix 4.X with a weirdo /.rhosts which contains -- > "# @(#).rhosts 8.1 Ultrix 9/18/92" (taken out of 4.4 ult) The same problem exists where vendor has shipped or the admin has added # comments to hosts.equiv. It's easy for an intruder to change the hostname to # and then he is assumed coming from a trusted site. > Why can't you make mountd on Ultrix 4.X reject mount requests from > non-privileged ports? turning on "nfsportmon" in the kernel doesn't > quite do the job properly. Things that make you go hmmm... Install a good portmapper so that remote hosts can't easily find what port mountd is on. A better solution is to make sure that your routers kill all NFS packets from remote nets. -- Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030 Internet Security Systems, Inc. Computer Security Consulting 2209 Summit Place Drive, Atlanta, GA. 30350-2450.