Message-ID: <411FE2E9.1090704@elvandar.org>
Date: Mon, 16 Aug 2004 00:25:45 +0200
From: Remko Lodder
To: Aaron Dalton
In-Reply-To: <200408151603.26022.aaron@daltons.ca>
cc: Bill Moran
cc: freebsd-questions@freebsd.org
Subject: Re: Is promiscuous mode bad?

Aaron Dalton wrote:
> Thank you so much for your replies!  This makes much more sense now.
>
> I am currently running Snort.  I will examine its documentation to see if
> promiscuous mode is really necessary.  In the meantime, am I correct in
> assuming the only threat is from local users?  If so, currently all users are
> trusted so I shan't panic just yet.
>
> Thank you again for your help!

Snort uses promisc to capture the packets off the line and examine them.
So this needs to be turned on in order to do some productive things :)
Turning it off will actually disable Snort.

Reminder for Bill: sniffing via bpf requires the same privileges whether
promisc. is set or not, so you always need to be root for sniffing data
off the line, that is, when the permissions are not tampered with :).

Thanks #bsddocs (simon ;))

-- 
Kind regards,

Remko Lodder                   |remko@elvandar.org
Reporter DSINet                |remko@dsinet.org
Projectleader Mostly-Harmless  |remko@mostly-harmless.nl
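
Added example, not part of the original message: a small sh audit for the two points made above, listing interfaces whose ifconfig flags include PROMISC and bpf device nodes that grant access to anyone besides the owner. The function names and the sample ifconfig text are constructed for illustration, and owner-only bpf nodes are assumed to be the untampered baseline.

```sh
#!/bin/sh
# Added example (not from the original message).

# Print the names of interfaces whose flag list contains PROMISC.
# Reads ifconfig-style output ("name: flags=NNNN<A,B,C> ...") on stdin.
promisc_ifaces() {
    awk '/^[^ :]+: flags=/ {
             name = $1
             sub(/:$/, "", name)
             if (match($0, /<[^>]*>/)) {
                 # Wrap the list in commas so PROMISC only matches a whole flag.
                 flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
                 if (index(flags, ",PROMISC,")) print name
             }
         }'
}

# Print bpf nodes directly under $1 (default /dev) that give any permission
# bit to group or other. Assumption: nodes readable and writable by the
# owner only are the expected state, so those print nothing.
loose_bpf_nodes() {
    find "${1:-/dev}" -maxdepth 1 -name 'bpf*' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Constructed sample of ifconfig output: fxp0 is the sensor interface in
# promiscuous mode, xl0 and lo0 are not.
sample_ifconfig() {
    cat <<'EOF'
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.20 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}
```

On a live host, run `ifconfig -a | promisc_ifaces` and `loose_bpf_nodes /dev`; an interface listed by the first that is not a known sensor, or any output from the second, is worth a closer look.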