Is promiscuous mode bad?
Kevin Stevens
freebsd at pursued-with.net
Sun Aug 15 19:51:47 PDT 2004
On Aug 15, 2004, at 15:32, Bill Moran wrote:
> Remko Lodder <remko at elvandar.org> wrote:
>
>> Reminder for bill: sniffing via bpf requires the same privileges whether
>> promisc. is set or not, so you always need to be root for sniffing data
>> of the line, that is when the permissions are not tampered with :).
>> Thanks #bsddocs (simon ;))
>
> Really? Then I stand corrected.
>
> If that's the case, though, what _is_ the administrative danger of running
> in PROMISC mode?

I think, in general, it's the notion that if the NIC is listening to
things it shouldn't, it may hear something it doesn't want to. ;)

In other words, there would be concern over exploits targeted at
services or daemons that don't screen inbound traffic for the
destination address being that of the local host, because they assume
that such traffic could never be delivered to them. That type of
thing.

A lot of network scanners also trigger on NICs in promiscuous mode
(there's a way to detect them, I forget the details at the moment)
because admins want to know if any hosts are out there sniffing.

KeS
More information about the freebsd-questions mailing list