Date: Sun, 15 Aug 2004 17:08:06 -0400 From: Bill Moran <wmoran@potentialtech.com> To: Aaron Dalton <aaron@daltons.ca> Cc: freebsd-questions@freebsd.org Subject: Re: Is promiscuous mode bad? Message-ID: <20040815170806.45fcb779.wmoran@potentialtech.com> In-Reply-To: <200408151429.05110.aaron@daltons.ca> References: <200408151429.05110.aaron@daltons.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Aaron Dalton <aaron@daltons.ca> wrote: > I was running security/rkhunter and it warns me about my network card > being in > promiscuous mode. I have a few questions: > 1) What exactly is promiscuous mode? (I've done some googling but haven't > found anything really clear) Promiscuous mode means the network card sends all traffic received to the kernel for processing, even if it wasn't destin for the MAC address of that card. In normal mode, traffic not destin for that card is dropped and the kernel never sees it. > 2) Why might it be considered a bad thing? Once the card is placed in promiscuous mode, users on your system can use packet sniffers to sniff network traffic without needing root privs on your system. The NIC is promiscuous for the whole machine. > 3) How do I disable it if it really is bad? ifconfig should allow you to do this. > 4) What are the effects of disabling it? Pretty much the reverse of #2. If you're running may types of scanning software, or network sniffers, they will put the card in promisc mode. -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040815170806.45fcb779.wmoran>