Re: odd log message...looks serious

From: Brett Glass (brett_at_lariat.org)
Date: 12/25/04

    Date: Sat, 25 Dec 2004 10:52:52 -0700
    To: Bob Ababurko <ababurko@adelphia.net>, freebsd-security@freebsd.org

    The most common situation in which you'll see such messages is when a program
    (often tcpdump) is sniffing packets on an interface via bpf. (tcpdump normally shifts
    the interface into promiscuous mode so it can see every packet an interface receives,
    even if it's not bound for that machine.) If you were not running tcpdump or something
    similar, it's possible that a sniffer has been planted on your machine.

    --Brett Glass

    At 10:39 AM 12/25/2004, Bob Ababurko wrote:
      
    >hello all-
    >
    >and a happy holiday to all you geeks that are in front of the crt!
    >
    >I found these log messages in my logs and I am not sure what some of them signify.
    >
    >Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 to 200 packets/sec
    >Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 to 200 packets/sec
    >Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode enabled
    >Dec 24 05:32:49 smtp kernel: fxp0: promiscuous mode disabled
    >Dec 24 05:33:01 smtp kernel: fxp0: promiscuous mode enabled
    >Dec 24 08:18:44 smtp kernel: fxp0: promiscuous mode disabled
    >Dec 24 12:48:57 smtp kernel: Limiting closed port RST response from 201 to 200 packets/sec
    >
    >I understand the "Limiting closed port RST response"... but what are the promiscuous mode enabled and disabled on my NIC? I am not doing this, so who or what is doing this? Or better yet, what does this mean? I have a fear that this one is serious. So what I need is some direction into finding out how this occurs and what I can do to stop it.
    >
    >thanks,
    >Bob
    >_______________________________________________
    >freebsd-security@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-security
    >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
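    As an added example (not part of Brett's reply or the list archive), the following Python script parses kernel log lines of the kind Bob quoted and turns the scattered "promiscuous mode enabled/disabled" lines into per-interface windows with durations, which is the first thing to check when deciding whether a known tool (tcpdump) or an unexpected sniffer was behind them. The log lines are Bob's, re-typed as constructed sample input; syslog lines carry no year, so the year is passed in. The 60-second "expected" threshold in report() is an assumed local policy value, not something from the thread.

```python
"""Report promiscuous-mode windows and RST rate-limit events from FreeBSD
kernel syslog lines. Added example, not code from the mailing-list post."""
import re
from datetime import datetime

# Constructed sample input: the kernel lines quoted in the thread.
SAMPLE_LOG = """\
Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 to 200 packets/sec
Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 to 200 packets/sec
Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 05:32:49 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 05:33:01 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 08:18:44 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 12:48:57 smtp kernel: Limiting closed port RST response from 201 to 200 packets/sec
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host kernel: message"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) kernel: (?P<msg>.*)$"
)
PROMISC_RE = re.compile(r"^(?P<ifname>\w+): promiscuous mode (?P<state>enabled|disabled)$")
RST_RE = re.compile(
    r"^Limiting closed port RST response from (?P<seen>\d+) to (?P<limit>\d+) packets/sec$"
)


def parse_log(text, year):
    """Yield (timestamp, host, message) for every line in syslog kernel format."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a kernel line in the expected format; skip it
        ts = datetime.strptime(
            f"{year} {m['mon']} {int(m['day']):02d} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        yield ts, m["host"], m["msg"]


def analyze(text, year):
    """Pair each 'enabled' with the next 'disabled' on the same interface."""
    windows = []      # closed windows: (ifname, start, end, seconds)
    open_since = {}   # ifname -> timestamp of an 'enabled' with no 'disabled' yet
    rst_events = []   # (timestamp, packets seen, limit)
    for ts, _host, msg in parse_log(text, year):
        pm = PROMISC_RE.match(msg)
        if pm:
            ifname, state = pm["ifname"], pm["state"]
            if state == "enabled":
                open_since[ifname] = ts  # a repeated 'enabled' restarts the window
            elif ifname in open_since:
                start = open_since.pop(ifname)
                windows.append((ifname, start, ts, int((ts - start).total_seconds())))
            continue
        rm = RST_RE.match(msg)
        if rm:
            rst_events.append((ts, int(rm["seen"]), int(rm["limit"])))
    return {"windows": windows, "still_open": dict(open_since), "rst_events": rst_events}


def report(result, max_expected_seconds=60):
    """Human-readable summary. Windows longer than max_expected_seconds
    (an assumed local policy value) are flagged for follow-up."""
    lines = []
    for ifname, start, end, secs in result["windows"]:
        flag = ""
        if secs > max_expected_seconds:
            flag = "  <-- longer than expected; identify the process that held the bpf device"
        lines.append(f"{ifname}: promiscuous {start:%b %d %H:%M:%S} -> {end:%H:%M:%S} ({secs}s){flag}")
    for ifname, start in result["still_open"].items():
        lines.append(f"{ifname}: promiscuous since {start:%b %d %H:%M:%S}, no 'disabled' seen yet")
    lines.append(f"{len(result['rst_events'])} closed-port RST rate-limit events")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(SAMPLE_LOG, year=2004)))
```

    On Bob's lines this yields two fxp0 windows, one of 15 seconds and one of 9943 seconds (about 2h46m), plus three RST rate-limit events; the long window is the one worth explaining. The script only works on what is already in the log; for a live check on FreeBSD, `ifconfig fxp0` shows a PROMISC flag while the interface is in that mode, and `fstat` lists which processes currently hold a bpf device open, which is how to tell a tcpdump you started from something you did not.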
