Date: Fri, 20 Apr 2001 14:01:18 -0400 From: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca> To: Peter Pentchev <roam@orbitel.bg> Cc: freebsd-security@FreeBSD.ORG Subject: Re: promiscuous mode Message-ID: <3AE0796E.E5DBCD3E@lmc.ericsson.se> References: <OF25A75C37.DE5ADC61-ON86256A33.00484906@MC.VANDERBILT.EDU> <20010419161503.A1527@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
That would fit nicely as a FAQ answer. A. Peter Pentchev wrote: > > On Thu, Apr 19, 2001 at 08:10:45AM -0500, George.Giles@mcmail.vanderbilt.edu wrote: > > I have a 4.2-RELEASE box that is going into, and out of, promiscuous mode > > on the xl0 interface. What would cause this ? Is it a sign of a potential > > problem ? > > 'Promiscuous mode' means that the kernel starts processing - and passing > to userland programs - ethernet frames that are not targeted to this machine > only. This means somebody (usu. root ;) is running a packet capture program - > either tcpdump, or some traffic analysis utility, or - if none of the above - > possibly a packet sniffer. In the last case, you should be alarmed. > > If you are not running tcpdump or some traffic analysis program, or if there > are times that you are not running those, but the interface still goes into > or out of promiscuous mode, then yes, this is a sign of a potential intrusion. > > G'luck, > Peter > > -- > I am the thought you are now thinking. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- La sémantique est la gravité de l'abstraction. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AE0796E.E5DBCD3E>