Firewall Wizards mailing list archives
Re: tcpdump on my firewall
From: Barney Wolff <barney () databus com>
Date: Sat, 27 Oct 2001 13:34:42 -0400
It seems that everybody is assuming that tcpdump turns on promiscuous mode. That doesn't have to be true, especially on a firewall, where (one hopes!) all the packets actually go through the box. The FreeBSD flavor of tcpdump has the -p option to avoid promiscuous mode, and I'd bet that other flavors can do the same.

That said, there have been tcpdump compromises, and it's unlikely that there will never be another. But that's true of absolutely anything that runs, on the firewall or anywhere else. The risk of an undetected compromise via tcpdump, when an admin is actually looking at it, seems small. I wouldn't leave it running unattended, though.

--
Barney Wolff

"Nonetheless, ease and peace had left this people still curiously tough. They were, if it came to it, difficult to daunt or to kill; and they were, perhaps, so unwearyingly fond of good things not least because they could, when put to it, do without them, and could survive rough handling by grief, foe, or weather in a way that astonished those who did not know them well and looked no further than their bellies and their well-fed faces." J.R.R.T.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards