Date:      Tue, 24 Aug 1999 18:19:34 -0500 (CDT)
From:      James Wyatt <jwyatt@bsdie.rwsystems.net>
To:        Shawn Workman <shawn@bsdguy.com>
Cc:        Stuart Henderson <stuart@eclipse.net.uk>, Dominik Brettnacher <domi@saargate.de>, freebsd-isp@FreeBSD.ORG
Subject:   What is promiscuous mode (was Re: IP Accounting)
Message-ID:  <Pine.BSF.4.10.9908241752580.24854-100000@bsdie.rwsystems.net>
In-Reply-To: <036301beee72$9ddd48c0$24a535cf@ieasoftware.com>

Sounds like it's time for a quick security check on *that* host... 8{)
Most machines don't use it (sucks CPU, sets off anti-sniff alarms, etc...)
If it is, you may have a legitimate application using it (trafshow, DHCP
server, arpwatch, etc...) or someone *could* be running a sniffer on that
machine that you don't know about. Could you quote the message you saw
this in so we can help?

The 'Dark Side' of an ethernet card running in 'promiscuous mode' is that
it sends *all* (not just its) packets to your kernel, allowing traffic on
the network to be 'tapped' to record userids, passwords, connect-ports,
etc... for later use. You never even know you've leaked until they log in.
Its 'Light Side' allows it to receive DHCP client requests, improving
your network administration, or to generate statistics on network traffic
flow for reporting.

You don't turn it on or off. It changes when you start or stop an
application that uses a BPF device. Do a 'ps auxw' and check off all the
processes you know until you find the process that is doing it. If you
have been broken into, the process might not show up if they replaced your
'ps'. There is no truth that you can catch a virus for using a promiscuous
ethernet card. 8{) - Jy@

On Tue, 24 Aug 1999, Shawn Workman wrote:
> I always see that my NIC is in promiscuous mode, is that a bad thing?
> 
> how do I change it if it is?
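
The check described in the message, as an added example that is not part of the original e-mail: it reads `ifconfig` output for the PROMISC flag and `fstat` output for processes that have a BPF device open. The function names and the sample input are constructed for illustration, and the `fstat` column layout is assumed to be the FreeBSD default.

```shell
#!/bin/sh
# Added example: find promiscuous interfaces and the processes holding a BPF device.

# Print the names of interfaces whose ifconfig(8) flag list contains PROMISC.
promisc_ifaces() {
    awk '/^[A-Za-z0-9_.]+: flags=/ {
        name = $1; sub(/:$/, "", name)
        if (match($0, /<[^>]*>/)) {
            # Wrap in commas so only the whole PROMISC token matches.
            flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            if (index(flags, ",PROMISC,")) print name
        }
    }'
}

# Print "PID CMD USER" for every fstat(1) row that is an open /dev/bpf* device.
bpf_holders() {
    awk 'NR > 1 && $5 == "/dev" && $8 ~ /^bpf[0-9]*$/ { print $3, $2, $1 }' | sort -u
}

# Constructed sample input (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
EOF
}

# Constructed fstat output; "unknownd" stands for a process you do not recognise.
sample_fstat() {
    cat <<'EOF'
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     arpwatch     412    3 /dev         45 crw-------     bpf rw
root     arpwatch     412    1 /dev         20 crw-rw-rw-    null rw
root     syslogd      301    4 /var       1234 -rw-r--r--    8192  w
nobody   unknownd     977    5 /dev         45 crw-------     bpf rw
EOF
}

# On the host itself, run this as root to query the live system.
report_live() {
    ifconfig -a | promisc_ifaces
    fstat | bpf_holders
}
```

Like `ps`, these tools report only what the running system tells them, so the caveat in the message about a replaced `ps` applies to their output as well.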
