On Aug 15, 2004, at 15:32, Bill Moran wrote:

Remko Lodder <[EMAIL PROTECTED]> wrote:

Reminder for bill: sniffing via bpf requires the same privileges whether
promisc. is set or not, so you always need to be root for sniffing data
of the line, that is when the permissions is not tampered with :).
Thanks #bsddocs (simon ;))

Really? Then I stand corrected.

If that's the case, though, what _is_ the administrative danger of running
in PROMISC mode?

I think, in general, it's the notion that if the NIC is listening to things it shouldn't, it may hear something it doesn't want to. ;)

In other words, there would be concern over exploits targeted at services or daemons that don't screen inbound traffic for the destination address being that of the local host, because they assume that such traffic could never be delivered to them. That type of thing.

A lot of network scanners also trigger on NICS in promiscuous mode (there's a way to detect them, I forget the details at the moment) because admins want to know if any hosts are out there sniffing.


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to