Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 08 Dec 1999 17:29:56 +1100 (EST)
From:      Keith Anderson <keith@apcs.com.au>
To:        Matt Gostick <matt@crazylogic.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   RE: ethernet promiscuous mode.
Message-ID:  <XFMail.991208172956.keith@apcs.com.au>
In-Reply-To: <Pine.BSF.4.10.9912080049330.68943-100000@thunk.crazylogic.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Matt,

Some one as root was running something like 'trafshow'

Keith


On 08-Dec-99 Matt Gostick wrote:
> I looked in logs tonight and found this wierd entry tonight:
>  
> Dec  7 23:36:37 thunk /kernel: vr0: promiscuous mode enabled
> 
> At the time two other users where ssh'd in but where idle for
> quite some time.
> 
> It is my understanding that promiscuous mode is used for sniffers
> so they can capture all packets...  Is there any other reason why
> my ethernet card would go into promiscuous mode without root (me) 
> telling it to?  Or is it more probable that someone hacked root
> and is sniffing other machines on the network from my box?
> 
> 30 minutes later when I did ifconfig -a the vr0 device was not in
> PROMISC mode...
> 
> Thanks for any input,
> Matt.
> 
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."

**  The thing I like most about Windows 98 is...
**  You can download FreeBSD with it!

----------------------------------
E-Mail: Keith Anderson <keith@apcs.com.au>
Australia Power Control Systems Pty. Limited.
Date: 08-Dec-99
Time: 17:29:08
Satelite Service 64K to 2Meg
This message was sent by XFMail
----------------------------------

What's the similarity between an air
conditioner and a computer? They both
stop working when you open windows.

----------------------------------



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.991208172956.keith>