Date: Wed, 08 Dec 1999 10:26:22 +0000 From: David Pick <D.M.Pick@qmw.ac.uk> To: Matt Gostick <matt@crazylogic.net> Cc: freebsd-security@freebsd.org Subject: Re: ethernet promiscuous mode. Message-ID: <E11veIg-0006zR-00@xi.css.qmw.ac.uk> In-Reply-To: Your message of "Wed, 08 Dec 1999 00:58:23 EST." <Pine.BSF.4.10.9912080049330.68943-100000@thunk.crazylogic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hypothesising, anything that wants to be less specific than usual about the destination IP address might use promiscuous mode: * user-mode BOOTP client * user-mode DHCP client * multi-cast reception * packet sniffer * intrusion detection system (to sniff packets!) * &c, &c > 30 minutes later when I did ifconfig -a the vr0 device was not in > PROMISC mode... Are you *sure*? If someone *has* "cracked" you and installed a rootkit "ifconfig" might have been replaced by a modified version that does not report the true facts - I'd reccommend (at least) deliberately putting the interface into promiscuous mode yourself and double- checking that "ifconfig" reports the fact correctly... -- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E11veIg-0006zR-00>