Is promiscuous mode bad?

[Remko Lodder]

Aaron Dalton wrote:

> Thank you so much for your replies!  This makes much more sense now.
> 
> I am currently running Snort.  I will examine its documentation to see if 
> promiscuous mode is really necessary.  In the meantime, am I correct in 
> assuming the only threat is from local users?  If so, currently all users are 
> trusted so I shant panic just yet.
> 
> Thank you again for your help!

Snort uses promisc to capture the packets off the line and examine them. 
So this needs to be turned on in able to do some productive things :)
turning it off will disable snort actually.

Reminder for bill: sniffing via bpf requires the same privileges whether 
promisc. is set or not, so you always need to be root for sniffing data 
of the line, that is when the permissions is not tampered with :). 
Thanks #bsddocs (simon ;))

-- 
Kind regards,

Remko Lodder                   |remko at elvandar.org
Reporter DSINet                |remko at dsinet.org
Projectleader Mostly-Harmless  |remko at mostly-harmless.nl