promiscuous interface compromised?

sunny10
sunny10 used Ask the Experts™
on
This may be a stupid question, but can an interface that is running in promiscuous mode be compromised?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
TolomirAdministrator
Top Expert 2005

Commented:
Well it can be at least detected.

There are network commands that let just the promiscuous interface answer. then the interface showing it's real IP could be attacked.

E.g you ping an entire subnet. Then you send a special command to an non existing/responding IP address. If the promiscuous interface is not "careful" it might answer.

Then you can pin point that interface, with "additional work".

Tolomir

Author

Commented:
The interface isn't configured with an IP address.  Does that matter?  (not sure if an interface can be in promiscous mode configured with an IP)
jakosysadmin

Commented:
take our word for it, that an interface can be in a promiscuous mode while having an IP.

BTW: what is the operating system you operate in?

Author

Commented:
it's linux rh 4.  The interface will not have an IP address configured on it.  does that make a difference?
Commented:
Hi,

there was a situation in the past, not sure if it will help, but it was to do with the libpcap library bypassing the OSI stack and writing to the hardware level directly. This allowed attackers to bypass application level security. The libpcap library was used to aid promiscuous interfaces, or to put them in promiscuous mode. Not 100% on this, you may need to search this one out.

In the end, whether its promiscuous or not, its a system with the network cable plugged in, it can be attacked, why someone would attack this particular machine and not another is a different matter.

Regards,

Pritesh

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial