Is promiscuous mode bad?
Remko Lodder
remko at elvandar.org
Sun Aug 15 14:11:56 PDT 2004
Aaron Dalton wrote:
> I was running security/rkhunter and it warns me about my network card being in
> promiscuous mode. I have a few questions:
> 1) What exactly is promiscuous mode? (I've done some googling but haven't
> found anything really clear)
> 2) Why might it be considered a bad thing?
> 3) How do I disable it if it really is bad?
> 4) What are the effects of disabling it?
>
> Thank you *so much* for your time!
Hi Aaron,
1) Promiscuous mode means that your network is dumping it packets
somewhere, normally they get transported. Now the added feature is that
a application like tcpdump can display the packets and with the correct
options (tcpdump -X for example) you can even see what's inside the
packets. If you do plain auth authorization it is possible with a
'sniffer' (which puts your network into promisc. mode) to see what the
username and password of the user is, so using those credentials to do
something evil.
2) see above
3) ifconfig -a (check which has PROMISC in it)
ifconfig interfacename -promisc turns the promisc mode off
4) the application that enabled promisc probably not functioning
correctly anymore, which is perhaps good thing.
Are you running any IDS'es or something that you know? since they also
put the network into promisc mode.
Cheers!
--
Kind regards,
Remko Lodder |remko at elvandar.org
Reporter DSINet |remko at dsinet.org
Projectleader Mostly-Harmless |remko at mostly-harmless.nl
More information about the freebsd-questions
mailing list