From owner-freebsd-security@FreeBSD.ORG  Sat Dec 25 17:39:18 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AB9C016A4CE
	for <freebsd-security@freebsd.org>;
	Sat, 25 Dec 2004 17:39:18 +0000 (GMT)
Received: from dreadlock.phreakout.net (dreadlock.phreakout.net [12.45.16.51])
	by mx1.FreeBSD.org (Postfix) with SMTP id 273C943D39
	for <freebsd-security@freebsd.org>;
	Sat, 25 Dec 2004 17:39:18 +0000 (GMT)
	(envelope-from ababurko@adelphia.net)
Received: (qmail 2375 invoked from network); 25 Dec 2004 17:42:39 -0000
Received: from 24-52-224-96.kntnny.adelphia.net (HELO ?192.168.102.100?)
	(24.52.224.96)
	by dreadlock.phreakout.net with SMTP; 25 Dec 2004 17:42:39 -0000
Message-ID: <41CDA5C0.3000105@adelphia.net>
Date: Sat, 25 Dec 2004 12:39:12 -0500
From: Bob Ababurko <ababurko@adelphia.net>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: odd log mesage...looks serious
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Dec 2004 17:39:18 -0000

hello all-

and a happy holiday to all you geeks that are in front of the crt!

I found these log messages in my logs and I am not sure what some of 
them signify.

Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 
to 200 packets/sec
Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 
to 200 packets/sec
Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 05:32:49 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 05:33:01 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 08:18:44 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 12:48:57 smtp kernel: Limiting closed port RST response from 201 
to 200 packets/sec

I understand the "Limiting closed port RST response". ....but what are 
the promiscuous mode enabled and disabled on my NIC?  I am not doing 
this, so who or what is doing this.  Or better yet, what does this mean? 
  I have a fear that this one is serious.  So what I need is some 
direction into finding out how this occurs and what I can do to stop it.

thanks,
Bob