promiscuous mode
Oliver Leitner
shadow333 at gmail.com
Tue Aug 23 19:12:21 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Teo Fonrouge wrote:
| Oliver Leitner wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
|>
|> Teo Fonrouge wrote:
|>
|> | Hello, | | Using a FC4 box. | | Checking in my
|> /var/log/messages file I noticed that the kernel has | setting
|> my eth0 interface in promiscuous mode regularly: | | Aug 21
|> 14:30:38 sx1 kernel: eth0: Setting promiscuous mode. Aug 21 |
|> 14:30:38 sx1 kernel: device eth0 entered promiscuous mode Aug 21
|> | 14:30:38 sx1 kernel: bridge-eth0: enabled promiscuous mode Aug
|> 21 | 14:31:36 sx1 kernel: device eth0 left promiscuous mode Aug
|> 21 | 14:31:36 sx1 kernel: bridge-eth0: disabled promiscuous mode
|> Aug 21 | 14:31:36 sx1 kernel: eth0: Setting promiscuous mode. Aug
|> 21 | 14:31:36 sx1 kernel: device eth0 entered promiscuous mode
|> Aug 21 | 14:31:36 sx1 kernel: bridge-eth0: enabled promiscuous
|> mode | | I believe that I haven't ran any program that causes
|> this. | | It is a normal kernel operation ? | | How can I know
|> what is causing this ? | | | best regards | | Teo Fonrogue | does
|> any of these programs ring a bell?:
|>
|> iptraf tcpdump ethereal
|
|
| None of this programs was running at such time.
|
|>
|> or any other monitoring program?
|
|
| Nope. :(
|
|>
|> greetings oliver
|
|
| Thank you Oliver
|
|
|
| best regards
|
| Teo Fonrouge
|
then try to look through user history, at your commandprompt type
history, best with a less or a more combined, and look what has been
started the past few days...
if none of it shows up well, get rkhunter, and check for any running
backdoors....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFDC3UUxHPquN24yVsRA2htAJ4/Cprlrf0IuOugfelF2NMh0IUs8wCeOFbY
5W3ic4oQ68an1ART5jK2MoM=
=yaSf
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list