Dave said:

> The "stream" is not in promiscuous mode, but an interface might be
> (that's the gist of all this traffic about TDRs, etc.) If you want to
> check your own system's interface, try one of these:
> http://ciac.llnl.gov/ciac/ToolsUnixSysMon.htm#Cpm
> http://ciac.llnl.gov/ciac/ToolsUnixSysMon.htm#Ifstatus

Naw, that won't help. Both of those programs are for SunOS 4.1.x, and work fine. But Geoff was asking about Solaris 2.x. That's a different kettle of fish (and I mean that in the nicest way).

For those of you who haven't seen it, here is a posting I made on the same subject today on comp.security.unix. All the same considerations apply--including the parts where I say this has been discussed here before and how I would rather continue this discussion individually.

-mg-

[posting begins]

This has been discussed several times here, but it's been a while. Here is my current understanding of the situation.

First, this problem is completely solved for SunOS 4.1.x. I am aware of two main approaches. Let me know privately if you want details.

The situation is much more complicated for Solaris 2.x.

1. The PROMISC feature in the Solaris 2.x ifconfig is broken. The ifconfig program will not report the controller to be in promiscuous mode, even if it is. (This feature works fine in 4.1.x.)

2. No generally available public domain software does the job either. I have seen some promising starts toward a promiscuous-mode detection scheme for Solaris 2.x, and I believe it is possible, and even feasible. But nothing is available today so far as I know.

3. Since the problem was pointed out last year Sun has taken a careful look at the problem. The technical difficulty--and now we approach the edge of my expertise--is that the DLPI interface between the kernel and the device drivers does not provide for transport of the needed data. That is, the protocol does not provide for a general (device-independent) way for the kernel to find out from the ethernet controller the state of the "promiscuous mode" flag.

4. I have seen some code--not from Sun--which comes very close to solving the problem by checking the status flags on each interface card. Unfortunately the only way to do this seems to be to read directly through the kvm interface. This means (as I understand it) that a program that ran on all configurations would require specific code for each supported ethernet interface card. That might seem like a small set; but when you consider that Solaris 2.4 now runs on x86 as a coequal platform, this is a real complication.

5. The code I refer to above will not run successfully on at least of our major hardware platforms. I am not sure why but know that that is being looked at now, today. It may be a bug on our side; and I can't think of any reason we wouldn't fix it, if it is.

My understanding is that Sun has no current plans to either (1) develop our own general solution or (2) release and/or support a public domain program to do the job. If, however, I personally become aware of a solution to the problem which is reliable and generally useful, I will make that information known here.

This is the situation as I understand it today. Please contact me personally for any followup. I am not trying to give an official position statement here--just fill some folks in on what I know of the issues.

-mg-

Mark Graff
Sun Security Coordinator
415-688-9151
security-alert@sun.com
mark.graff@sun.com

[posting ends]

From owner-bugtraq@fc.net Thu May 4 16:37:34 1995
Subject: Re: promiscuous mode
To: mulligan@incog.com
Date: Thu, 4 May 1995 15:42:38 -0700 (PDT)
Cc: bugtraq@fc.net
X-Url: http://www.cac.washington.edu/People/dad/
Precedence: bulk

> Someone said that they knew how via streams messages to find out if the
> stream is in promiscuous mode? I don't think that this is possible, but
> could they please reply?

The "stream" is not in promiscuous mode, but an interface might be (that's the gist of all this traffic about TDRs, etc.) If you want to check your own system's interface, try one of these:

http://ciac.llnl.gov/ciac/ToolsUnixSysMon.htm#Cpm
http://ciac.llnl.gov/ciac/ToolsUnixSysMon.htm#Ifstatus

--
Dave Dittrich                 Client Services
dittrich@cac.washington.edu   Computing & Communications
                              University of Washington
<a href="http://www.cac.washington.edu/People/dad/"> Dave Dittrich / dittrich@cac.washington.edu</a>