argus option review
Borja Marcos
borjam at sarenet.es
Fri Jan 26 06:26:05 EST 2001
David Brumley wrote:
>
> > The biggest one is "-p". Should we be in promiscuous mode by default?
> > My bet is no. Do we have any other votes/opinions?
>
> My vote is to go into promisc mode by default.
I agree with that. This option is a sort of standard
for many programs which use BPF/Libpcap, so it should have the
standard behavior, to comply with the principle of least
surprise.
> I would leave it off by default.
I agree, also. The previous version logged to files and this
is new functionality. If someone starts argus with a script
used with the previous versions, according to the famous
principle, it shouldn't listen for network connections.
Borja.
More information about the argus
mailing list