Date: Thu, 19 Apr 2001 16:15:03 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: George.Giles@mcmail.vanderbilt.edu
Cc: freebsd-security@freebsd.org
Subject: Re: promiscuous mode
Message-ID: <20010419161503.A1527@ringworld.oblivion.bg>
In-Reply-To: <OF25A75C37.DE5ADC61-ON86256A33.00484906@MC.VANDERBILT.EDU>; from George.Giles@mcmail.vanderbilt.edu on Thu, Apr 19, 2001 at 08:10:45AM -0500
References: <OF25A75C37.DE5ADC61-ON86256A33.00484906@MC.VANDERBILT.EDU>

On Thu, Apr 19, 2001 at 08:10:45AM -0500, George.Giles@mcmail.vanderbilt.edu wrote:
> I have a 4.2-RELEASE box that is going into, and out of, promiscuous mode
> on the xl0 interface. What would cause this ? Is it a sign of a potential
> problem ?

'Promiscuous mode' means that the kernel starts processing - and passing
to userland programs - ethernet frames that are not targeted to this
machine only. This means somebody (usu. root ;) is running a packet
capture program - either tcpdump, or some traffic analysis utility,
or - if none of the above - possibly a packet sniffer. In the last
case, you should be alarmed.

If you are not running tcpdump or some traffic analysis program, or
if there are times that you are not running those, but the interface
still goes into or out of promiscuous mode, then yes, this is a sign
of a potential intrusion.

G'luck,
Peter

--
I am the thought you are now thinking.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
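
The check described in the message above, as an added example that is not part of the original e-mail: pair the kernel's promiscuous-mode log events into time windows and report the ones that no known capture session explains. The log lines, host name, capture schedule and function names are constructed for illustration, and the message wording is assumed to match what the box actually logs.

```python
import re
from datetime import datetime

# Constructed sample in syslog style; the "promiscuous mode enabled/disabled"
# wording is an assumption about what the kernel on this box logs.
SAMPLE_LOG = """\
Apr 19 02:11:40 box /kernel: xl0: promiscuous mode enabled
Apr 19 02:49:05 box /kernel: xl0: promiscuous mode disabled
Apr 19 09:00:12 box /kernel: xl0: promiscuous mode enabled
Apr 19 09:05:30 box /kernel: xl0: promiscuous mode disabled
Apr 19 23:30:00 box /kernel: xl0: promiscuous mode enabled
"""

# Constructed: (start, end) of capture sessions the administrator ran.
KNOWN_CAPTURES = [(datetime(2001, 4, 19, 9, 0, 0), datetime(2001, 4, 19, 9, 6, 0))]

LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ \S*kernel: "
    r"(\w+): promiscuous mode (enabled|disabled)")

def promisc_windows(log_text, year):
    """Pair events per interface into (iface, start, end); end is None if still on."""
    open_since, windows = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        iface, state = m.group(2), m.group(3)
        if state == "enabled":
            open_since.setdefault(iface, ts)
        elif iface in open_since:
            windows.append((iface, open_since.pop(iface), ts))
    # an enable with no matching disable means the interface is still promiscuous
    return windows + [(iface, ts, None) for iface, ts in open_since.items()]

def unexplained(windows, known):
    """Return windows not fully inside any known capture session."""
    def covered(start, end):
        return end is not None and any(ks <= start and end <= ke for ks, ke in known)
    return [w for w in windows if not covered(w[1], w[2])]

if __name__ == "__main__":
    for iface, start, end in unexplained(promisc_windows(SAMPLE_LOG, 2001), KNOWN_CAPTURES):
        print(f"{iface}: promiscuous from {start} to {end or 'still enabled'}")
```

On the constructed sample this reports the 02:11 window and the open-ended 23:30 window, which are the periods worth checking against running processes and login records.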