Date: Mon, 24 Apr 2000 08:08:37 -0700
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Alex Michlin <alex@delete.org>
Cc: freebsd-security@FreeBSD.ORG
Message-ID: <200004241509.IAA13292@cwsys.cwsent.com>
In-Reply-To: Your message of "Fri, 21 Apr 2000 14:26:40 EDT." <Pine.BSF.4.10.10004211424240.5248-100000@cx638115-d.sthngtn1.ct.home.com>

In message <Pine.BSF.4.10.10004211424240.5248-100000@cx638115-d.sthngtn1.ct.home.com>, Alex Michlin writes:
> How can a hacker enable promiscuous mode through an ftp connection?
> I did a `last` to see who, if anyone, logged on and the only logon I saw
> was an ftp connection from an @home machine. I don't see any extra
> programs running on the machine. Do I need to be concerned about telnet
> passwords, etc?
>
> Apr 20 13:10:12 hostname /kernel: xl0: promiscuous mode enabled

Are you sure it's a hacker? Do these "events" coincide with other
events, e.g. system boot, an application starting, etc.?

For example, we use an application called egd (entropy gathering
daemon) on our servers on our raised floors, which puts the interfaces
into promiscuous mode, among other entropy gathering things done, just
after boot to initially set up its entropy pool. Therefore I can
directly correlate promiscuous mode with system boot.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
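
The correlation suggested in the reply above, sketched as an added example that is not part of the original message or of any FreeBSD tool. It assumes the kernel copyright banner marks a boot, a five-minute look-back window, and the year 2000 (syslog lines carry no year); all sample log lines except the one quoted in the thread are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread;
# only the last line appears in the original message.
SAMPLE_LOG = """\
Apr 19 02:00:01 hostname /kernel: Copyright (c) 1992-2000 The FreeBSD Project.
Apr 19 02:00:20 hostname /kernel: xl0: promiscuous mode enabled
Apr 20 13:09:55 hostname ftpd[412]: connection from client.example.net
Apr 20 13:10:12 hostname /kernel: xl0: promiscuous mode enabled
"""

LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (\S+?): (.*)$")
PROMISC = re.compile(r"^(\w+): promiscuous mode enabled$")
# Assumption: the kernel copyright banner is logged once per boot on this host.
BOOT = re.compile(r"^Copyright \(c\) .*FreeBSD")


def parse(log, year=2000):
    """Yield (timestamp, tag, message) for every well-formed syslog line."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)


def correlate(log, window=timedelta(minutes=5)):
    """Label each promiscuous-mode event by what preceded it within `window`."""
    events = list(parse(log))
    findings = []
    for i, (ts, tag, msg) in enumerate(events):
        hit = PROMISC.match(msg)
        if tag != "/kernel" or not hit:
            continue
        # Everything logged in the look-back window, excluding the event itself.
        nearby = [e for j, e in enumerate(events)
                  if j != i and timedelta(0) <= ts - e[0] <= window]
        at_boot = any(g == "/kernel" and BOOT.match(m) for _, g, m in nearby)
        findings.append({
            "time": ts,
            "iface": hit.group(1),
            "verdict": "boot" if at_boot else "unexplained",
            "context": [f"{g}: {m}" for _, g, m in nearby],
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f["time"], f["iface"], f["verdict"], f["context"])
```

An "unexplained" verdict only means no boot marker was logged in the window; the context list shows what else to check, such as an application start.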