|
| TC: | 11024 | |
| Description: | There are several methods of remote promiscuous detection: The DNS test, Etherping test and ARP test. This testcase performs the ARP test which is one of the most reliable. The method consists in sending a specially crafted ARP packet to a fake broadcast address. If a machine responds to such an ARP of its IP address, then it must be in promiscuous mode. | |
| TC Impact: | Gather Info |
| Vulnerability Publication: | September 15, 2000 | |
| Advisory Copyright: | Antisniff | |
| Summary: | A remote attacker can spy on your network and retrieve sensitive data including but not limited to passwords. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None | |
| CVSS 2.0 Base Score: | 0.0 |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | Information disclosure can be performed and sensitive data can be retrieved assisting the malicious offender in further attacks. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Check your hardware documentation in order to learn how to get the network interface(s) out of promiscuous mode. Active hubs can be used as they only send packets to intended machines. Disable the sniffer programs if you do not need them. |
| References: | ||
| * MISC: http://www.packetfactory.net/Projects/sentinel/ * MISC: http://www.securitysoftwaretech.com/antisniff/ * MISC: http://packetstormsecurity.nl/sniffers/antisniff/ |
| CVE Link: |
CVE-1999-0530 |
 |
|---|
| Glossary: |
ARP Information Disclosure Promiscuous Mode |
|---|