Is promiscuous mode bad?
remko at elvandar.org
Sun Aug 15 15:25:48 PDT 2004
Aaron Dalton wrote:
> Thank you so much for your replies! This makes much more sense now.
> I am currently running Snort. I will examine its documentation to see if
> promiscuous mode is really necessary. In the meantime, am I correct in
> assuming the only threat is from local users? If so, currently all users are
> trusted so I shant panic just yet.
> Thank you again for your help!
Snort uses promisc to capture the packets off the line and examine them.
So this needs to be turned on in able to do some productive things :)
turning it off will disable snort actually.
Reminder for bill: sniffing via bpf requires the same privileges whether
promisc. is set or not, so you always need to be root for sniffing data
of the line, that is when the permissions is not tampered with :).
Thanks #bsddocs (simon ;))
Remko Lodder |remko at elvandar.org
Reporter DSINet |remko at dsinet.org
Projectleader Mostly-Harmless |remko at mostly-harmless.nl
More information about the freebsd-questions