From: Crist Clark (crist.clark GLOBALSTAR.COM)
Date: Tue Jan 09 2001 - 17:08:59 CST
Gary Richardson wrote:
[snip]
> Don't you generally have to run IDS software as root in order to switch the
> network device to promiscuous mode? This is true under Linux, but I suppose not
> under win9x or macOS.
I don't see any reason why a passive IDS on a UNIX-type OS cannot open the
sniffing device and then drop root privs. I believe Snort is supposed to
support this, but have never tried. Also, on a system sniffing off of a BPF
device, I believe permissions on the device determine whether a user
may sniff. On a multi-user system, a world readable BPF device has some
obvious problems, but on a dedicated IDS with limited access only to
network and security administrators, giving non-root users access to
the sniffing device could be well worth the trade of not having the IDS
software running as root.
--
Crist J. Clark
Network Security Engineer
crist.clarkglobalstar.com
Globalstar, L.P.
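
The open-then-drop ordering described in the message above, as an added example that is not part of the original post and not Snort's code. The function names, the device path `/dev/bpf0` and uid/gid 65534 are assumptions, and a plain `open()` stands in for whatever call a real sensor uses to obtain its capture handle.

```c
/* Added example: acquire the privileged handle first, then drop root for good. */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to an unprivileged uid/gid. Returns 0 on success, -1 on
 * any failure; a caller should exit rather than continue after -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* refuse to "drop" to root */
    /* Order matters: groups and gid must change while we are still root. */
    if (setgroups(1, &gid) != 0)        /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)               /* as root: sets real, effective, saved */
        return -1;
    /* Verify instead of trusting return codes: root must be unreachable. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Open the capture device (needs root or device permissions), then drop.
 * Returns the open descriptor, or -1 if the open or the drop failed. */
int open_then_drop(const char *device, uid_t uid, gid_t gid)
{
    int fd = open(device, O_RDONLY);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);                      /* never keep sniffing as root */
        return -1;
    }
    return fd;                          /* already open, so it survives the drop */
}

int main(void)
{
    /* Assumed values: /dev/bpf0 and uid/gid 65534 (commonly "nobody"). */
    int fd = open_then_drop("/dev/bpf0", 65534, 65534);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("capturing on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

Access checks happen at `open()` time, which is why the descriptor stays usable after the uid change. A compromise of the packet-parsing code that runs afterwards then yields only the unprivileged account.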