Date: Tue, 24 Aug 1999 18:19:34 -0500 (CDT)
From: James Wyatt <jwyatt@bsdie.rwsystems.net>
To: Shawn Workman <shawn@bsdguy.com>
Cc: Stuart Henderson <stuart@eclipse.net.uk>, Dominik Brettnacher <domi@saargate.de>, freebsd-isp@FreeBSD.ORG
Subject: What is promiscuous mode (was Re: IP Accounting)
Message-ID: <Pine.BSF.4.10.9908241752580.24854-100000@bsdie.rwsystems.net>
In-Reply-To: <036301beee72$9ddd48c0$24a535cf@ieasoftware.com>

Sounds like it's time for a quick security check on *that* host... 8{)

Most machines don't use it (sucks CPU, sets-off anti-sniff alarms, etc...) If it is, you may have a legitimate application using it (trafshow, DHCP server, arpwatch, etc...) or someone *could* be running a sniffer on that machine that you don't know about. Could you quote the message you saw this in so we can help?

The 'Dark Side' of an ethernet card running in 'promiscuous mode' is that it sends *all* (not just its) packets to your kernel, allowing traffic on the network to be 'tapped' to record userids, passwords, connect-ports, etc... for later use. You never even know you've leaked until they log-in.

Its 'Light Side' allows it to receive DHCP client requests, improving your network administration, or to generate statistics on network traffic flow for reporting.

You don't turn it on or off. It changes when you start or stop an application that uses a BPF device. Do a 'ps auxw' and check-off all the processes you know until you find the process that is doing it. If you have been broken-into, the process might not show up if they replaced your 'ps'.

There is no truth that you can catch a virus for using a promiscuous ethernet card. 8{) - Jy@

On Tue, 24 Aug 1999, Shawn Workman wrote:
> I always see that my NIC is in promiscuous mode, is that a bad thing?
>
> how do I change it if it is?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
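
The "check off the processes you know" step from the message above, as an added example that is not part of the original e-mail: it lists interfaces flagged PROMISC and the processes holding a BPF device that are not on a reviewed list. The sample text, the process name `xlogd` and the function names are constructed, and the column positions assume FreeBSD's `ifconfig` and `fstat` output layout.

```shell
#!/bin/sh
# Added example, not from the original message. On a live FreeBSD host:
#   ifconfig -a | promisc_ifaces
#   fstat | unknown_bpf_holders trafshow dhcpd arpwatch

# Read `ifconfig -a` output on stdin; print interfaces whose flags include PROMISC.
promisc_ifaces() {
    awk '/^[a-z0-9]+: flags=/ && /[<,]PROMISC[,>]/ { sub(/:.*/, "", $1); print $1 }'
}

# Read `fstat` output on stdin; print "pid cmd user" once per process that has
# a bpf character device open (assumed layout: MODE in column 7, device in 8).
bpf_holders() {
    awk '$7 ~ /^c/ && $8 ~ /^bpf[0-9]*$/ { print $3, $2, $1 }' | sort -u
}

# Same input; the arguments are the command names already reviewed.
# Prints only the BPF holders that are NOT on that list.
unknown_bpf_holders() {
    allow=" $* "
    bpf_holders | while read -r pid cmd user; do
        case "$allow" in
            *" $cmd "*) ;;                                   # known, checked off
            *) printf '%s %s %s\n' "$pid" "$cmd" "$user" ;;  # needs a look
        esac
    done
}

# Constructed sample input so the script runs offline.
sample_ifconfig() { cat <<'EOF'
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}
sample_fstat() { cat <<'EOF'
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     dhcpd        187    6 /          1234 crw-------    bpf0 rw
root     arpwatch     201    3 /          1235 crw-------    bpf1 r
root     sshd         150    3* internet stream tcp c0a1b2c0
nobody   xlogd        955    4 /          1236 crw-------    bpf2 r
EOF
}

echo "promiscuous interfaces: $(sample_ifconfig | promisc_ifaces)"
echo "BPF holders not on the reviewed list:"
sample_fstat | unknown_bpf_holders trafshow dhcpd arpwatch
```

The caveat the message gives for `ps` applies to `fstat` and `ifconfig` as well: on a host that may have been broken into, run copies of these binaries that you trust.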