Date: Thu, 19 Apr 2001 06:16:43 -0700
From: Alfred Perlstein
To: George.Giles@mcmail.vanderbilt.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: promiscuous mode
Message-ID: <20010419061643.I976@fw.wintelcom.net>
In-Reply-To: ; from George.Giles@mcmail.vanderbilt.edu on Thu, Apr 19, 2001 at 08:10:45AM -0500

* George.Giles@mcmail.vanderbilt.edu [010419 06:11] wrote:
> I have a 4.2-RELEASE box that is going into, and out of, promiscuous mode
> on the xl0 interface. What would cause this? Is it a sign of a potential
> problem?

If you're the admin and no one else should be running the network
interface in this mode, it's a sign of a compromise of security,
mainly that your box may be compromised.

Just make sure you're not seeing this because of things that need
promiscuous mode like dhcpd and various network monitoring tools
such as tcpdump.

-- 
-Alfred Perlstein - [alfred@freebsd.org]
Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.
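To separate expected promiscuous-mode use (dhcpd, tcpdump) from unexplained toggling as the reply above suggests, the following added example (not part of the original message) pairs the kernel's "promiscuous mode enabled/disabled" log messages into time windows per interface. The log lines are constructed, the syslog line layout is an assumption, and the function names `promisc_windows` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Pair "promiscuous mode enabled/disabled" kernel messages per interface.
# Input:  syslog lines on stdin (assumed layout: "Mon DD HH:MM:SS host tag: ifN: ...").
# Output: one line per window: <iface> <enabled-at> <disabled-at | STILL-ENABLED>
promisc_windows() {
    awk '
    / promiscuous mode (enabled|disabled)$/ {
        # Find the word "promiscuous"; the field before it is the interface ("xl0:").
        for (i = 2; i <= NF; i++) if ($i == "promiscuous") break
        ifc = $(i - 1); sub(/:$/, "", ifc)
        stamp = $1 "-" $2 "T" $3
        if ($NF == "enabled") {
            # A repeated "enabled" with no "disabled" in between keeps the first start.
            if (!(ifc in start)) start[ifc] = stamp
        } else if (ifc in start) {
            print ifc, start[ifc], stamp
            delete start[ifc]
        }
    }
    # Anything left open was never switched back off within the log.
    END { for (ifc in start) print ifc, start[ifc], "STILL-ENABLED" }
    '
}

# Constructed sample input: two short windows and one that is still open.
sample_log() {
    cat <<'EOF'
Apr 19 05:58:01 gw /kernel: xl0: promiscuous mode enabled
Apr 19 05:58:31 gw /kernel: xl0: promiscuous mode disabled
Apr 19 06:02:10 gw sshd[311]: Accepted password for admin from 10.0.0.5
Apr 19 06:05:44 gw /kernel: xl0: promiscuous mode enabled
Apr 19 06:05:59 gw /kernel: xl0: promiscuous mode disabled
Apr 19 06:11:02 gw /kernel: xl0: promiscuous mode enabled
EOF
}

sample_log | promisc_windows
```

Each window can then be compared against the times dhcpd, tcpdump or another known monitoring tool was running on the box; a window with no matching process is the one to investigate.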