>Thus, to run flexlm, you must chmod 666 /dev/lan0.
>Both companies have told me, in essence, that this is a non-issue. Am I
>being paranoid, or is it a major security hole to have /dev/lan0 open
>for public reading (and *WRITING*)?

First off, tell them to type
% uname -a
HP-UX roissy A.09.01 A 9000/710 2000058403 two-user license
and look at this number. HP says it is unique per machine and will
stay the same if HP replaces your board. They don't make the same
claim about your ethernet address.
HP doesn't support promiscuous mode through /dev/lan0, so you cannot
eavesdrop on the net as a whole. You can't send ethernet frames that
look like they came from a different computer. You can't send or receive
ethernet frames with a type field that is in use by some other thing
in your computer, so you can't spoof IP because the kernel has already
claimed that protocol-type for itself. You can't reset the interface
unless you are root. [This is all determined from a machine that
*doesn't* have the STREAMS add-on.]

Now for the security holes:

If there is *any* protocol in use on your network that your HP box is
*not* using, that protocol can be spoofed from your machine through the
/dev/lan0 interface. This could mean Novell or DECNET or it could just
mean gobs of broadcast packets containing the string "YADDA YADDA YADDA".
Don't forget that routers often are set up to forward more than just
IP packets. For example, the network here also forwards IPX packets,
so I could use my HP to attack a Novell machine on the other side of
the campus, if I was willing to implement Novell protocols as user