From owner-freebsd-security  Wed Dec  8 10: 2:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apcs.com.au (unknown [203.41.196.19])
	by hub.freebsd.org (Postfix) with ESMTP id 891C11555F
	for <freebsd-security@FreeBSD.ORG>; Wed,  8 Dec 1999 10:02:02 -0800 (PST)
	(envelope-from keith@apcs.com.au)
Received: (from keith@localhost)
	by apcs.com.au (8.9.3/8.9.2) id RAA00715;
	Wed, 8 Dec 1999 17:29:56 +1100 (EST)
	(envelope-from keith)
Message-ID: <XFMail.991208172956.keith@apcs.com.au>
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.BSF.4.10.9912080049330.68943-100000@thunk.crazylogic.net>
Date: Wed, 08 Dec 1999 17:29:56 +1100 (EST)
From: Keith Anderson <keith@apcs.com.au>
To: Matt Gostick <matt@crazylogic.net>
Subject: RE: ethernet promiscuous mode.
Cc: freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi Matt,

Some one as root was running something like 'trafshow'

Keith


On 08-Dec-99 Matt Gostick wrote:
> I looked in logs tonight and found this wierd entry tonight:
>  
> Dec  7 23:36:37 thunk /kernel: vr0: promiscuous mode enabled
> 
> At the time two other users where ssh'd in but where idle for
> quite some time.
> 
> It is my understanding that promiscuous mode is used for sniffers
> so they can capture all packets...  Is there any other reason why
> my ethernet card would go into promiscuous mode without root (me) 
> telling it to?  Or is it more probable that someone hacked root
> and is sniffing other machines on the network from my box?
> 
> 30 minutes later when I did ifconfig -a the vr0 device was not in
> PROMISC mode...
> 
> Thanks for any input,
> Matt.
> 
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."

**  The thing I like most about Windows 98 is...
**  You can download FreeBSD with it!

----------------------------------
E-Mail: Keith Anderson <keith@apcs.com.au>
Australia Power Control Systems Pty. Limited.
Date: 08-Dec-99
Time: 17:29:08
Satelite Service 64K to 2Meg
This message was sent by XFMail
----------------------------------

What's the similarity between an air
conditioner and a computer? They both
stop working when you open windows.

----------------------------------



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message