Re: Disabling Promisc mode

Pavel Machek (pavel@elf.ucw.cz)
Thu, 28 May 1998 19:54:45 +0200


Hi!

> > This is impossible through software. If a user gains root
> > access, and if the NIC has a promiscuous mode which is software
> > selectable, then that user can put the NIC into promiscuous mode.
> > Proof is left as an Exercise for the Reader.
> >
> I think the idea is to disable this mode within the kernel and
> not leave the kernel source lying around within the machine. That
> way, even root can't get raw promiscuous packets.

If your hardware is toxic enough (like mine :-) (so that a stock kernel
will not run, and the ethernet card driver needed a few udelays() to make it
work), this could be effective.

Really, this will at least slow him down. Patching a running kernel is
a pretty hard task. If you are hacking a machine, you are doing it from
ethernet (usually), and playing with the ethernet card you are logged in
from can be "interesting".

So, while it will not prevent a hacker from breaking in, it might make
his work a bit more difficult...

> But... If the machine will boot DOS, the user can execute LANWatch
> (Ftp Software, Inc) or some other similar software, and capture all
> the packets he/she wants. The solution is, of course, run off
> a switch....

Well, setting up DOS remotely on unknown hardware can be a difficult
task. And if he makes an error, he has just stopped himself.

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
