Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!ucsd!ucbvax!drake.almaden.ibm.COM!drake
From: drake@drake.almaden.ibm.COM
Newsgroups: comp.protocols.ibm
Subject: Re: Restricting IBM token-ring snooping
Message-ID: <9010192139.AA23239@lilac.berkeley.edu>
Date: 19 Oct 90 20:04:16 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: rufus!drake.almaden.ibm.com!drake@UUNET.UU.NET
Organization: The Internet
Lines: 23

In article <1990Oct19.143505@ria.ccs.uwo.ca> peter@ria.ccs.uwo.ca writes:
>I have heard (second hand from IBM) that on token rings while promiscuous mode
>is available on some boards that there is a way to restrict it to just certain
>stations.  Is this a general facility provided by the token ring protocols?
>How is this identification enforced?  What do I have to buy?

Standard Token Ring cards (from IBM, at least) don't have a
"promiscuous mode" at all.  Can't be done.  For monitoring
applications, you have to purchase a special "trace and performance
adapter".  When such a card inserts itself into the ring, an alert is
sent to every other station on the ring.  If one of those stations is
running the IBM LAN Manager, it logs the fact that a monitor is on the
ring, and if the monitor isn't registered with the LAN Manager it will
force that station OFF the ring.

So with standard Token Ring adapters there is no promiscuous mode.
Adapters with promiscuous mode announce their presence and can be shut off
by another system on the ring.  Reasonably secure!


Sam Drake / IBM Almaden Research Center
Internet:  drake@ibm.com            BITNET:  DRAKE at ALMADEN
Usenet:    ...!uunet!ibmarc!drake   Phone:   (408) 927-1861