[Iftop-users] iftop Security

Paul Warren pdw at ex-parrot.com
Tue Jun 7 09:11:33 BST 2016


On 07/06/2016 07:13, entr0py wrote:
> Are there any security implications for running iftop continuously on an internet-facing production machine?

Potentially.  It's code processing untrusted data that's typically 
running as root.  That said, the processing is of packet headers which 
are typically of fixed size so obvious buffer overflow vulnerabilities 
are unlikely.

> Have there been past vulnerabilities?

No.

> Would iftop be susceptible to libpcap vulnerabilities?

Yes.

> Does enabling promiscuous mode increase risk?

Yes, in that you'll see more packets than you would do otherwise.  Of 
course a targeted attack could just send the packet to your machine 
even if you weren't in promiscuous mode.

Paul
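
Added example, not part of the original message and not iftop's own code: one way a capture tool can bounds-check the fixed-size Ethernet and IPv4 headers mentioned above against the captured length before reading any field. The names parse_ipv4, struct flow and sample_frame are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14   /* fixed-size Ethernet II header */
#define IP4_MIN_HDR 20   /* IPv4 header without options */

/* Hypothetical record; addresses stay in network byte order. */
struct flow { uint32_t src, dst; uint8_t proto; };

/* Constructed sample: Ethernet II + IPv4, TCP, 192.0.2.1 -> 198.51.100.2 */
static const uint8_t sample_frame[ETH_HDR_LEN + IP4_MIN_HDR] = {
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00,
    0x45, 0x00, 0x00, 0x14,  0, 0, 0, 0,  0x40, 0x06, 0, 0,
    192, 0, 2, 1,  198, 51, 100, 2
};

/* Returns 0 on success, -1 if the capture is truncated or malformed.
 * caplen is the number of bytes actually captured, which may be less
 * than the on-wire length, so every read is checked against it. */
int parse_ipv4(const uint8_t *pkt, size_t caplen, struct flow *out)
{
    if (caplen < ETH_HDR_LEN + IP4_MIN_HDR)
        return -1;                          /* too short for both headers */
    if (pkt[12] != 0x08 || pkt[13] != 0x00)
        return -1;                          /* EtherType is not IPv4 */
    const uint8_t *ip = pkt + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4)
        return -1;                          /* version field is not 4 */
    /* The header length field is attacker-controlled: validate it
     * rather than trusting it when locating anything after the header. */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < IP4_MIN_HDR || caplen < ETH_HDR_LEN + ihl)
        return -1;
    out->proto = ip[9];
    memcpy(&out->src, ip + 12, 4);          /* memcpy avoids unaligned reads */
    memcpy(&out->dst, ip + 16, 4);
    return 0;
}

int main(void)
{
    struct flow f = {0};
    int rc = parse_ipv4(sample_frame, sizeof sample_frame, &f);
    printf("rc=%d proto=%u\n", rc, (unsigned)f.proto);
    return rc == 0 ? 0 : 1;
}
```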