[tclug-list] Security concerns for local traffic

Sun Dec 30 02:12:52 CST 2007

Greetings,

Many people are using pound ( http://www.apsis.ch/pound/ ) to proxy
traffic from port 443 to another port using the local interface.

On Linux, I don't believe a regular user can open network devices for
dumping. At least that is what my tests below show me. Does anyone
know if its the kernel denying access or the library itself?  Can you
think of any other security concerns which would result from sending
unencrypted traffic over a local port?

Thanks!
Brock

[noland at a90 ~]$ cat pcap-open-default.c
#include <stdio.h>
#include <pcap.h>
int main(int argc, char *argv[])
{
        char *dev, errbuf[PCAP_ERRBUF_SIZE];
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
                fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
                return(2);
        }
        printf("Device: %s\n", dev);
        return(0);
}

[noland at a90 ~]$ gcc -lpcap pcap-open-default.c
[noland at a90 ~]$ ./a.out
Couldn't find default device: no suitable device found
[noland at a90 ~]$ sudo ./a.out
Device: eth0

[noland at a90 ~]$ cat pcap-find-all.c
#include <stdio.h>
#include <pcap.h>
int main(int argc, char *argv[])
{
        char errbuf[PCAP_ERRBUF_SIZE];
        pcap_if_t *dev;
        pcap_findalldevs(&dev, errbuf);
        if (dev == NULL) {
                fprintf(stderr, "Couldn't find any devices: %s\n", errbuf);
                return(2);
        }
        while(dev != NULL) {
                printf("Device: %s\n", dev->name);
                dev = dev->next;
        }
        return(0);
}

[noland at a90 ~]$ gcc -lpcap pcap-find-all.c
[noland at a90 ~]$ ./a.out
Couldn't find any devices: socket: Operation not permitted
[noland at a90 ~]$ sudo ./a.out
Device: eth0
Device: any
Device: lo