Date: Sun, 15 Aug 2004 19:53:10 -0700 From: Kevin Stevens <freebsd@pursued-with.net> To: Bill Moran <wmoran@potentialtech.com> Cc: freebsd-questions@freebsd.org Subject: Re: Is promiscuous mode bad? Message-ID: <688492D4-EF2F-11D8-9CD1-000A959CEE6A@pursued-with.net> In-Reply-To: <20040815183205.66b753cd.wmoran@potentialtech.com> References: <200408151429.05110.aaron@daltons.ca> <20040815170806.45fcb779.wmoran@potentialtech.com> <200408151603.26022.aaron@daltons.ca> <411FE2E9.1090704@elvandar.org> <20040815183205.66b753cd.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Aug 15, 2004, at 15:32, Bill Moran wrote: > Remko Lodder <remko@elvandar.org> wrote: > >> Reminder for bill: sniffing via bpf requires the same privileges >> whether >> promisc. is set or not, so you always need to be root for sniffing >> data >> of the line, that is when the permissions is not tampered with :). >> Thanks #bsddocs (simon ;)) > > Really? Then I stand corrected. > > If that's the case, though, what _is_ the administrative danger of > running > in PROMISC mode? I think, in general, it's the notion that if the NIC is listening to things it shouldn't, it may hear something it doesn't want to. ;) In other words, there would be concern over exploits targeted at services or daemons that don't screen inbound traffic for the destination address being that of the local host, because they assume that such traffic could never be delivered to them. That type of thing. A lot of network scanners also trigger on NICS in promiscuous mode (there's a way to detect them, I forget the details at the moment) because admins want to know if any hosts are out there sniffing. KeS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?688492D4-EF2F-11D8-9CD1-000A959CEE6A>