Re: snooper watchers

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: der Mouse: "Re: Sendmail 8.6.9 security hole"
• Previous message: Christopher Samuel: "Re: Sendmail 8.6.9 security hole"
• In reply to: Mark Graff : "Re: snooper watchers"
• Next in thread: Eric Conrad: "Re: snooper watchers"

> I'm doing some work for a client who has had some suggestions that they
> run a program to watch the state of ifconfig, and send mail if the
> interface ever goes promiscuous.  This works just fine under SunOS 4.x,
> however, their concern is that this does not appear to work for Solaris 2.x.
> I have noticed that snoop in promiscuous mode does not affect the 
> status from ifconfig, so the current method for looking for a 
> promiscuous interface wont do them any good.  I'll be looking into
> this, but I figured I'd ask here to see if anyone has done something
> like this.  (I haven't seen a snooper for 2.x like the SunOS one, but with
> tools like snoop, I assume that one is in the works someplace.)


What works under Solaris 2.x is using lsof on the network pseudo
devices.  It will show you all the snoopers, but not whether the
interface is promiscuous or not.  The same method also works under
SunOS 4.1.x.

BTW, snoopers for Solaris 2.x do exist and are out there.

Casper

• Next message: der Mouse: "Re: Sendmail 8.6.9 security hole"
• Previous message: Christopher Samuel: "Re: Sendmail 8.6.9 security hole"
• In reply to: Mark Graff : "Re: snooper watchers"
• Next in thread: Eric Conrad: "Re: snooper watchers"