Aaron Dalton wrote:

Thank you so much for your replies!  This makes much more sense now.

I am currently running Snort. I will examine its documentation to see if promiscuous mode is really necessary. In the meantime, am I correct in assuming the only threat is from local users? If so, currently all users are trusted so I shant panic just yet.

Thank you again for your help!

Snort uses promisc to capture the packets off the line and examine them. So this needs to be turned on in able to do some productive things :)
turning it off will disable snort actually.

Reminder for bill: sniffing via bpf requires the same privileges whether promisc. is set or not, so you always need to be root for sniffing data of the line, that is when the permissions is not tampered with :). Thanks #bsddocs (simon ;))

Kind regards,

Remko Lodder                   |[EMAIL PROTECTED]
Reporter DSINet                |[EMAIL PROTECTED]
Projectleader Mostly-Harmless  |[EMAIL PROTECTED]
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to