solpromisc
Platforms:
Solaris
Categories:
Auditing,
IDS,
Intrusion Detection,
Network,
Network,
Sniffer,
Solaris,
System Security Management
Version: 1.0
URL: http://www.low-level.net/udp/projects.html
This is a kernel module which you can load to detect attempts to put devices into promiscuous mode from user space via DLPI (e.g. solsniff, tcpdump, anything pcap based). It dumps the cred struct for the process, and the driver responsible, to the dmesg output buffer for collection by syslog. Read the source, please.
