From owner-freebsd-questions Mon Apr 14 06:19:58 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA11041 for questions-outgoing; Mon, 14 Apr 1997 06:19:58 -0700 (PDT) Received: from mail.virginia.edu (mail.Virginia.EDU [128.143.2.9]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id GAA11035 for ; Mon, 14 Apr 1997 06:19:56 -0700 (PDT) Received: from archive.cs.virginia.edu by mail.virginia.edu id aa11620; 14 Apr 97 9:19 EDT Received: from stretch.cs.Virginia.edu (atf3r@stretch-fo.cs.Virginia.EDU [128.143.136.14]) by archive.cs.Virginia.EDU (8.7.5/8.7.3) with SMTP id JAA24067; Mon, 14 Apr 1997 09:19:53 -0400 (EDT) Received: by stretch.cs.Virginia.edu (4.1/SMI-2.0) id AA05071; Mon, 14 Apr 97 09:19:51 EDT Date: Mon, 14 Apr 1997 09:19:51 -0400 (EDT) From: "Adrian T. Filipi-Martin" Reply-To: adrian@virginia.edu To: Anthony Barlow Cc: freebsd-questions@freebsd.org Subject: Re: ed0 promiscuous mode? In-Reply-To: <199704140941.LAA14770@www.warp.co.uk> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 14 Apr 1997, Anthony Barlow wrote: > Apr 13 15:06:43 temp1 /kernal: ed0: promiscuous mode enabled > > What does it mean? > > temp1 is our test bed that I'm using to play around with to get used > to FreeBSD > > Regards, > Anthony It means that someone has enabled your ethernet interface for network packet sniffing. This has its legitimate uses, but you should discover who was doing this. Promiscuous mode _requires_ root privliges by default. It can be used by crackers/hackers to grab passwords floating around on a local ethernet. For more info see the bpf(4) and tcpdump(1) man pages. cheers, Adrian -- adrian@virginia.edu ---->>>>| Support your local programmer, System Administrator --->>>| STOP Software Patent Abuses NOW! NVL, NIIMS and Telemedicine Labs -->>| For an application and information Member: League for Programming Freedom ->| see: http://www.lpf.org/