Date: Fri, 07 Oct 2005 09:45:54 -0400 From: Chuck Swiger <cswiger@mac.com> To: John Conover <conover@rahul.net> Cc: freebsd-questions@freebsd.org Subject: Re: Security risk associated with a NIC's promiscuous mode? Message-ID: <43467C12.1060001@mac.com> In-Reply-To: <20051007084807.13455.qmail@rahul.net> References: <20051007084807.13455.qmail@rahul.net>
next in thread | previous in thread | raw e-mail | index | archive | help
John Conover wrote: > Is there any security risk associated with a NIC's promiscuous mode > while running tcpdump and/or arpwatch? A mild one. For example, I believe there was recently a security bug in tcpdump's string handling which could be exploited by tcpdump seeing a maliciously-crafted packet. Running the NIC in promisc mode means that packet just has to go by, rather than being sent specificly to the machine running the sniffer... In other words, it's not a great idea to run a sniffer on your most important fileserver or whatever, rather than an isolated laptop or other test system. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43467C12.1060001>