[HECnet] Multinet Tunnel Connections to SG1::

Mark Benson md.benson at gmail.com
Thu Jun 7 09:30:27 PDT 2012


On 7 Jun 2012, at 08:28, Johnny Billquist <bqt at softjar.se> wrote:

> Dangerous in which way?

Promiscuous mode is considered a security risk because it can be used
to expose other packets not intended for viewing, which is why it's
restricted to root. BUT I, at least, am intending to use such a
service on a dedicated single purpose box, so that's not a big issue
for me.

> It will create a larger load on the system, but that's about it. And today's machines are fast enough that you really need a lot of traffic before it will become a serious problem from that point of view.

I run both my Linux boxes with SimH running 24/7 and the interface in
promiscuous mode as a result. They are behind a gigabit Netgear
switch. The resulting extra network traffic as a result is... well
nonexistent. My network isn't exactly busy but there are other machines
on the switch that have constant traffic.

> The main reason in the past for changing the MAC address has been that you want to control the source MAC address. However, most systems now allow you to spoof the source MAC when outputting packets on the ethernet, so that problem is solved.

This also occurred to me. MAC address spoofing is pretty easy in most
UNIX variants unless it is strictly disallowed.

> Load is the one remaining reason to even worry, and that is a rather small worry for most people.

It's a risk anyone using DECnet via libpcap already accepts, anyway.

-- 
Mark Benson

http://markbenson.org/blog
http://twitter.com/MDBenson
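
Added example, not part of the original message: a Linux-side audit that lists which interfaces are currently in promiscuous mode, so a box running SimH or another libpcap-based bridge can be checked against what is expected. The function names and the sample interface names and flag values are constructed for illustration; the `IFF_PROMISC` value is the one from `<linux/if.h>`.

```python
import os

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flags include IFF_PROMISC.

    /sys/class/net/<if>/flags holds the kernel's raw device flags in hex,
    so it also reflects promiscuous mode requested through a packet socket
    (the way libpcap asks for it on Linux), which the flags reported by
    ifconfig may not show.
    """
    found = []
    try:
        names = os.listdir(sysfs_net)
    except OSError:
        return found  # no sysfs here (not Linux, or restricted container)
    for name in names:
        try:
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # plain files such as bonding_masters, or unreadable
        if flags & IFF_PROMISC:
            found.append(name)
    return sorted(found)


def build_sample_tree(root):
    """Write a constructed sysfs-like tree for offline testing."""
    samples = {
        "eth0": "0x1103",  # UP|BROADCAST|PROMISC|MULTICAST
        "eth1": "0x1003",  # UP|BROADCAST|MULTICAST
        "lo": "0x9",       # UP|LOOPBACK
    }
    for name, flags in samples.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")


if __name__ == "__main__":
    for ifname in promiscuous_interfaces():
        print(f"{ifname}: promiscuous mode is on")
```

On a dedicated emulator host the expected output is the one bridged interface; any other interface appearing in the list is worth investigating.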


