From: Bill Moran
To: Aaron Dalton
Cc: freebsd-questions@freebsd.org
Date: Sun, 15 Aug 2004 17:08:06 -0400
Subject: Re: Is promiscuous mode bad?
Message-Id: <20040815170806.45fcb779.wmoran@potentialtech.com>
In-Reply-To: <200408151429.05110.aaron@daltons.ca>
Organization: Potential Technologies

Aaron Dalton wrote:
> I was running security/rkhunter and it warns me about my network card being in
> promiscuous mode. I have a few questions:
> 1) What exactly is promiscuous mode? (I've done some googling but haven't
> found anything really clear)

Promiscuous mode means the network card sends all traffic received to the
kernel for processing, even if it wasn't destined for the MAC address of that
card. In normal mode, traffic not destined for that card is dropped and the
kernel never sees it.

> 2) Why might it be considered a bad thing?

Once the card is placed in promiscuous mode, users on your system can use
packet sniffers to sniff network traffic without needing root privs on your
system. The NIC is promiscuous for the whole machine.

> 3) How do I disable it if it really is bad?

ifconfig should allow you to do this.

> 4) What are the effects of disabling it?

Pretty much the reverse of #2. If you're running many types of scanning
software, or network sniffers, they will put the card in promisc mode.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
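An added example, not part of the message above: a shell function that reads FreeBSD-style `ifconfig` output and reports which interfaces carry the PROMISC flag, and whether it was set permanently through ifconfig or by a running program such as a sniffer. The interface names and addresses in the sample are constructed, and the script assumes an ifconfig that reports PPROMISC and accepts the `promisc`/`-promisc` parameters.

```shell
#!/bin/sh
# promisc_report: read FreeBSD-style `ifconfig` output on stdin and print
# "<ifname> <kind>" for every interface that is in promiscuous mode.
#   permanent = PPROMISC present (set with `ifconfig <if> promisc`,
#               cleared with `ifconfig <if> -promisc`)
#   listener  = PROMISC only (set by a running program such as a sniffer;
#               the flag drops when that program releases the interface)
promisc_report() {
    awk '
        # Header lines start in column 0: "fxp0: flags=8943<UP,...> mtu 1500"
        /^[^ \t]+: flags=/ {
            ifname = $1; sub(/:$/, "", ifname)
            open_at = index($0, "<"); close_at = index($0, ">")
            if (open_at == 0 || close_at <= open_at) next
            # Compare whole flag names so PPROMISC is never mistaken for PROMISC
            n = split(substr($0, open_at + 1, close_at - open_at - 1), f, ",")
            promisc = 0; permanent = 0
            for (i = 1; i <= n; i++) {
                if (f[i] == "PROMISC")  promisc = 1
                if (f[i] == "PPROMISC") permanent = 1
            }
            if (permanent)    print ifname, "permanent"
            else if (promisc) print ifname, "listener"
        }
    '
}

# Constructed sample output (documentation addresses, made-up interfaces).
sample_ifconfig() {
    cat <<'EOF'
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:00:5e:00:53:01
xl0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> mtu 1500
        ether 00:00:5e:00:53:02
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:03
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

# Demo on the sample; on a live host use: ifconfig -a | promisc_report
sample_ifconfig | promisc_report
```

A "listener" result is the case to follow up when no sniffer or scanner is expected to be running on the host.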