Are there any security implications for running iftop continuously on an internet-facing production machine? Have there been past vulnerabilities? Would iftop be susceptible to libpcap vulnerabilities? Does enabling promiscuous mode increase risk?
Thanks in advance!
On 07/06/2016 07:13, entr0py wrote:
Are there any security implications for running iftop continuously on an internet-facing production machine?
Potentially. It's code processing untrusted data that's typically running as root. That said, the processing is of packet headers which are typically of fixed size so obvious buffer overflow vulnerabilities are unlikely.
Have there been past vulnerabilities?
No.
Would iftop be susceptible to libpcap vulnerabilities?
Yes.
Does enabling promiscuous mode increase risk?
Yes, in that you'll see more packets than you would do otherwise. Of course a targeted attack could just send the packet to your machine even if you weren't in promiscuous mode.
Paul
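One way to contain the "untrusted data as root" risk the reply describes is to stop running iftop as root at all: grant the binary only the two capabilities a libpcap sniffer needs and start it under a dedicated user, so a libpcap bug is confined to that account. This is an added example, not code from the thread or the iftop project; it assumes the binary is at /usr/sbin/iftop, a system user named iftop exists, and libcap's setcap/getcap and util-linux's runuser are installed.

```shell
#!/bin/sh
# Run iftop under an unprivileged user with file capabilities instead of root.
# Assumptions (not from the thread): binary path, user name, libcap tools present.
set -eu

IFTOP_BIN="${IFTOP_BIN:-/usr/sbin/iftop}"
IFTOP_USER="${IFTOP_USER:-iftop}"

# A pcap capture socket needs CAP_NET_RAW; putting the interface into
# promiscuous mode (iftop -p) additionally needs CAP_NET_ADMIN.
required_caps() {
    if [ "${1:-}" = "promisc" ]; then
        printf '%s\n' "cap_net_raw,cap_net_admin"
    else
        printf '%s\n' "cap_net_raw"
    fi
}

# Parse one line of getcap output and check that every capability in the
# comma-separated list $2 is present, regardless of order. Handles both the
# older "/path = cap_a,cap_b+ep" and the newer "/path cap_a,cap_b=ep" forms.
# An empty line (binary has no file capabilities) fails the check.
caps_granted() {
    line="$1"; wanted="$2"
    granted=$(printf '%s' "$line" | sed 's/^[^ ]* *=* *//; s/[+=].*$//')
    for cap in $(printf '%s' "$wanted" | tr ',' ' '); do
        case ",$granted," in
            *",$cap,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Grant exactly the needed capabilities (run once, as root) and verify the
# grant took effect before anything relies on it.
setup() {
    mode="${1:-normal}"
    setcap "$(required_caps "$mode")+ep" "$IFTOP_BIN"
    caps_granted "$(getcap "$IFTOP_BIN")" "$(required_caps "$mode")" \
        || { echo "capability grant on $IFTOP_BIN failed" >&2; return 1; }
}

# Usage: `sh thisscript.sh install` once as root, then continuous monitoring
# of eth0 runs as the unprivileged user; nothing else holds root.
if [ "${1:-}" = "install" ]; then
    setup normal
    runuser -u "$IFTOP_USER" -- "$IFTOP_BIN" -i eth0
fi
```

Swap `setup promisc` and add `-p` to the iftop line only if promiscuous capture is actually wanted, since that widens both what the tool sees and the capability set it holds.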