On Saturday 03 December 2005 08:39, Steve Grubb wrote:
When a network interface goes into promiscuous mode, it's an important
security issue. The attached patch is intended to capture that action and
send an event to the audit system.
I think we need to decide on this patch. Include it or not?
I think the best reason to include it is that when an interface goes into
promiscuous mode, the user can see packets for any role and sensitivity
regardless of what they are currently using. This message would note that an
exception to the normal information flow rules has occurred and is
potentially being captured to a file of unknown role and sensitivity.
-Steve