Date: Mon, 16 Aug 2004 00:25:45 +0200 From: Remko Lodder <remko@elvandar.org> To: Aaron Dalton <aaron@daltons.ca> Cc: freebsd-questions@freebsd.org Subject: Re: Is promiscuous mode bad? Message-ID: <411FE2E9.1090704@elvandar.org> In-Reply-To: <200408151603.26022.aaron@daltons.ca> References: <200408151429.05110.aaron@daltons.ca> <20040815170806.45fcb779.wmoran@potentialtech.com> <200408151603.26022.aaron@daltons.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Aaron Dalton wrote: > Thank you so much for your replies! This makes much more sense now. > > I am currently running Snort. I will examine its documentation to see if > promiscuous mode is really necessary. In the meantime, am I correct in > assuming the only threat is from local users? If so, currently all users are > trusted so I shant panic just yet. > > Thank you again for your help! Snort uses promisc to capture the packets off the line and examine them. So this needs to be turned on in able to do some productive things :) turning it off will disable snort actually. Reminder for bill: sniffing via bpf requires the same privileges whether promisc. is set or not, so you always need to be root for sniffing data of the line, that is when the permissions is not tampered with :). Thanks #bsddocs (simon ;)) -- Kind regards, Remko Lodder |remko@elvandar.org Reporter DSINet |remko@dsinet.org Projectleader Mostly-Harmless |remko@mostly-harmless.nl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411FE2E9.1090704>