[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] promiscuous mode



On Saturday 03 December 2005 08:39, Steve Grubb wrote:
> When a network interface goes into promiscuous mode, its an important
> security issue. The attached patch is intended to capture that action and
> send an event to the audit system.

I think we need to decide on this patch. Include it or not?

I think the best reason to include it is that when an interface goes into 
promiscuous mode, the user can see packets for any role and sensitivity 
regardless of what they are currently using. This message would note that an 
exception to the information normal flow rules has occurred and is 
potentially being captured to a file of unknown role and sensitivity.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]