Re: device eth0 entered promiscuous mode

From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 09/25/03


Date: Thu, 25 Sep 2003 13:13:55 -0700

In article <nPGcb.577882$Ho3.107002@sccrnsc03>, David wrote:
> Robert McIntosh wrote:
>> I'm running RH 9 (2.4.20-8). Today I noticed in dmesg that the NIC entered
>> promiscuous mode, but I'm unsure when it entered promiscuous mode.
>
> It can be a sign of a "sniffer" but don't go doing a reinstall yet.

True.

> Have you run chkrootkit on the system?

IMHO: waste of time. I'd bet Euros to Eucalyptus leaves that it was
something Robert did.

Robert: check the log files to find out when the promiscuity happened.
What were you doing at the time?

> Does the system have a firewall on it?
> Has the system been kept up2date with all security updates?
> Does the system run any services (web, mail, ftp, etc.) servers?

Yes, the proper answers to these questions will mean that a compromise
is highly improbable.

-- 
  /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
  or put "not-spam" or "/dev/rob0" in Subject header to reply
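
One way to do the log check suggested above, as an added example that is not part of the original post: it pairs the kernel's "entered"/"left promiscuous mode" messages into time intervals per device. It assumes classic syslog lines as found in /var/log/messages; the sample lines, the host name and the `year` parameter are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in classic syslog format; not taken from the post.
SAMPLE_LOG = """\
Sep 25 09:58:40 host1 kernel: eth0: link up
Sep 25 10:02:11 host1 kernel: device eth0 entered promiscuous mode
Sep 25 10:07:43 host1 kernel: device eth0 left promiscuous mode
Sep 25 11:30:05 host1 kernel: device eth0 entered promiscuous mode
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"device (?P<dev>\S+) (?P<what>entered|left) promiscuous mode"
)

def promisc_intervals(log_text, year=2003):
    """Return (device, start, end) tuples; end is None if the mode was never left."""
    open_since = {}   # device -> datetime of the unmatched "entered" event
    intervals = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        dev = m["dev"]
        if m["what"] == "entered":
            # If "entered" repeats without a "left" (log gap), keep the earliest time.
            open_since.setdefault(dev, ts)
        elif dev in open_since:
            intervals.append((dev, open_since.pop(dev), ts))
    # Anything still open was promiscuous at the end of the log.
    intervals += [(dev, ts, None) for dev, ts in sorted(open_since.items())]
    return intervals

if __name__ == "__main__":
    for dev, start, end in promisc_intervals(SAMPLE_LOG):
        print(dev, start, "->", end or "still promiscuous at end of log")
```

The resulting timestamps can then be compared against shell history or other logs to see what was running at the time.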

