Date: Mon, 23 May 2016 09:23:31 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: bugzilla-noreply@freebsd.org Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: [Bug 166255] [net] [patch] It should be possible to disable "promiscuous mode enabled" messages Message-ID: <CAN6yY1tDcg%2BiTWDC9b8bKwm16kT2-1pa5Fu6W7rE8%2BeRCnaufA@mail.gmail.com> In-Reply-To: <bug-166255-2472-Q0QQCJ9BM4@https.bugs.freebsd.org/bugzilla/> References: <bug-166255-2472@https.bugs.freebsd.org/bugzilla/> <bug-166255-2472-Q0QQCJ9BM4@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 23, 2016 at 2:54 AM, <bugzilla-noreply@freebsd.org> wrote: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166255 > > --- Comment #13 from borjam@sarenet.es --- > (In reply to eugen from comment #10) > > Would be better to make it a loader only tunable, and read only at run > time, > indeed! > > -- > You are receiving this mail because: > You are the assignee for the bug. > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > +1 The knowledge that an interface is being set to promiscuous mode is very important or security. Allowing it to be changed on a running system where that change is likely to go unnoticed leaving you unaware that your network is being snooped via a compromised system. While I don't like the idea of hiding these messages at all and think dealing with the issue through syslog.conf more appropriate, at least don't let the setting be changed on a running system! -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1tDcg%2BiTWDC9b8bKwm16kT2-1pa5Fu6W7rE8%2BeRCnaufA>