Re: Incorrect Linux ARP behavior

From: bobk (bobkat_private)
Date: Sat Sep 19 1998 - 09:27:47 PDT

Next message: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"

Previous message: Darren Reed: "stopping "nack" `stealth' scanning."
Maybe in reply to: Seth McGann: "Incorrect Linux ARP behavior"
Next in thread: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You don't even need a program to demonstrate this behavior:

$ arp -s suspecthost 00:de:ad:c0:ff:ee
$ ping suspecthost

If you get a response, then it is a linux box in promiscuous mode.

don't forget:

$ arp -d suspecthost

When you are done, clearing out the bogus MAC address.



Bob Keyes,
Security Consultant
Cambridge, Mass.

Next message: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"
Previous message: Darren Reed: "stopping "nack" `stealth' scanning."
Maybe in reply to: Seth McGann: "Incorrect Linux ARP behavior"
Next in thread: Steven M. Bellovin: "Re: Incorrect Linux ARP behavior"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:52 PDT