From: Kevin Stevens
Date: Sun, 15 Aug 2004 19:53:10 -0700
To: Bill Moran
Cc: Remko Lodder, freebsd-questions@freebsd.org
Subject: Re: Is promiscuous mode bad?

On Aug 15, 2004, at 15:32, Bill Moran wrote:

> Remko Lodder wrote:
>
>> Reminder for Bill: sniffing via bpf requires the same privileges whether
>> promisc. is set or not, so you always need to be root for sniffing data
>> off the line, that is when the permissions are not tampered with :).
>> Thanks #bsddocs (simon ;))
>
> Really?  Then I stand corrected.
>
> If that's the case, though, what _is_ the administrative danger of running
> in PROMISC mode?

I think, in general, it's the notion that if the NIC is listening to things it shouldn't, it may hear something it doesn't want to. ;) In other words, there would be concern over exploits targeted at services or daemons that don't screen inbound traffic for the destination address being that of the local host, because they assume that such traffic could never be delivered to them. That type of thing.

A lot of network scanners also trigger on NICs in promiscuous mode (there's a way to detect them, I forget the details at the moment) because admins want to know if any hosts are out there sniffing.

KeS
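
For the admin-side check mentioned in the thread, this added example (not part of the original message) audits a host's own interfaces by parsing `ifconfig` output for the PROMISC flag. The function names and the sample output are constructed for illustration; it only reports the local interface flag, so a capture opened without promiscuous mode does not show up.

```sh
#!/bin/sh
# Added example, not from the thread: list interfaces that ifconfig reports
# as promiscuous. Function names and the sample text below are constructed.

# Read ifconfig-style text on stdin and print each interface whose flag list
# contains PROMISC, or PPROMISC (FreeBSD: promiscuous mode set via ifconfig).
promisc_ifaces() {
    awk '
        # Header lines look like: em0: flags=8943<UP,...,PROMISC,...> metric 0
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            if (match($0, /<[^>]*>/)) {
                # Compare whole flag names rather than searching for a substring.
                n = split(substr($0, RSTART + 1, RLENGTH - 2), flag, ",")
                for (i = 1; i <= n; i++)
                    if (flag[i] == "PROMISC" || flag[i] == "PPROMISC") {
                        print name
                        break
                    }
            }
        }'
}

# Constructed sample in FreeBSD ifconfig format (documentation addresses).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:02
em2: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
EOF
}

# Demo on the sample; on a live host use: ifconfig -a | promisc_ifaces
sample_ifconfig | promisc_ifaces
```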