Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Apr 2006 21:50:12 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        jekillen <jekillen@prodigy.net>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Kernel messages
Message-ID:  <44484864.9090704@daleco.biz>
In-Reply-To: <e8971f6d1068913169dd073d0c9e72e9@prodigy.net>
References:  <e8971f6d1068913169dd073d0c9e72e9@prodigy.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
jekillen wrote:

> Hello;
> I have a question about a disconcerting event relayed to me from my 
> kernel.
> there are eight entries regarding network interface status:
> rl0 link changed to DOWN
> "            "           "  UP
> "           "            "  DOWN
> "          "             "  UP
> sis0 promiscuous mode enabled
> "        "                          disabled
> "         "                         enabled
> "         "                         disabled
> The disconcerting entries are re sis0 promiscuous mode enabled.
> Is the kernel trying to eaves drop on someone?


Not without assistance, most likely ;-).

> One link is to the inside network and the other is to static ip address
> that is assigned but as yet has not been configured on the router to
> receive requests from outside.
> I admit, I am learning at this point. I've been watching the router 
> security log and
> have seen just in the last week (as long as it has had the static ip's 
> assigned)
> several hundred broadcast amplification attempts blocked.
> And I have been reading my root mail and am now interested in a 
> tutorial or
> some published specifics about how to interpret these messages.
> I'm running v6 release on AMD64. I'm setting up to host a web site.
> thanks in advance.
> JK
> PS in the mean time I will be going through what I have already.


Generally, "promiscuous mode" is pretty much what you
have guessed ... used in network analysis.  Software such
as bpf(4), and higher level apps such as netgraph, tcpdump,
ethereal, etc. use "promiscuous mode" to grab network traffic.
So, the first thing you ask yourself is, have I (or anyone allowed
to be "root") used any of this type of software?

There might be other explanations, but I'm not suitably
prepared to address them.

Kevin Kinsey

-- 
The idle mind knows not what it is it wants.
		-- Quintus Ennius

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44484864.9090704>