topic Re: Using CSA to prevent NIC in Promiscious Mode(Windows) in Network Security

Using CSA to prevent NIC in Promiscious Mode(Windows)

mnlatif — Sun, 10 Mar 2019 10:20:47 GMT

Hi,

There seems to be no functionality in CSA-Windows Rule to prevent going a NIC into promiscious mode (Though there is a UNIX rule for that).

How I can I prevent sniffer applications from being launched on Windows using CSA ?

I don't want to create a List of sniffer application and then use Application Control rule, since that means I will have to keep updating that list.

Is there a more dynamic way ?

Thanks,

Naman

tsteger1 — Fri, 01 Dec 2006 17:34:38 GMT

You might try a 'connection rate limit' rule to keep hosts from making over a certain amount of connections in a specified period of time.

There might also be a way to classify 'chatty' applications dynamically and then deny them the ability to make over a certain number of connections.

Why are you trying to accomplish this, if you don't mind my asking?

Tom S

tsteger1 — Sat, 02 Dec 2006 00:03:47 GMT

You also might try blocking the packet drivers (like WinPcap) that these apps rely on. It might be an easier list to manage.

Tom S