Re: promiscuous mode


 



Oliver Leitner wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Teo Fonrouge wrote:

| Oliver Leitner wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
|>
|> Teo Fonrouge wrote:
|>
|> | Hello,
|> |
|> | Using a FC4 box.
|> |
|> | Checking in my /var/log/messages file I noticed that the kernel has
|> | been setting my eth0 interface in promiscuous mode regularly:
|> |
|> | Aug 21 14:30:38 sx1 kernel: eth0: Setting promiscuous mode.
|> | Aug 21 14:30:38 sx1 kernel: device eth0 entered promiscuous mode
|> | Aug 21 14:30:38 sx1 kernel: bridge-eth0: enabled promiscuous mode
|> | Aug 21 14:31:36 sx1 kernel: device eth0 left promiscuous mode
|> | Aug 21 14:31:36 sx1 kernel: bridge-eth0: disabled promiscuous mode
|> | Aug 21 14:31:36 sx1 kernel: eth0: Setting promiscuous mode.
|> | Aug 21 14:31:36 sx1 kernel: device eth0 entered promiscuous mode
|> | Aug 21 14:31:36 sx1 kernel: bridge-eth0: enabled promiscuous mode
|> |
|> | I believe that I haven't run any program that causes this.
|> |
|> | Is it a normal kernel operation?
|> |
|> | How can I know what is causing this?
|> |
|> | best regards
|> |
|> | Teo Fonrouge
|>
|> does any of these programs ring a bell?:
|>
|> iptraf tcpdump ethereal
|
|
| None of these programs was running at that time.
|
|>
|> or any other monitoring program?
|
|
| Nope. :(
|
|>
|> greetings oliver
|
|
| Thank you Oliver
|
|
|
| best regards
|
| Teo Fonrouge
|
then try to look through the user history: at your command prompt type
history, best combined with less or more, and look at what has been
started in the past few days...

if none of it shows up, well, get rkhunter, and check for any running
backdoors....
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFDC3UUxHPquN24yVsRA2htAJ4/Cprlrf0IuOugfelF2NMh0IUs8wCeOFbY
5W3ic4oQ68an1ART5jK2MoM=
=yaSf
-----END PGP SIGNATURE-----


rkhunter ran; all seems to be OK except for this message:

[...]
* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ Warning! ]
---------------
 /dev/.udevdb  /usr/share/man/man1/..1.gz  /etc/.pwd.lock
---------------
Please inspect:  /dev/.udevdb (directory)
[...]

I really don't know what it means.

I'll try shutting down some services on this box and see the results.


Thank you for your help Oliver



best regards

Teo Fonrouge
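
An added example, not part of the original thread: one way to approach the question "what is causing this?" is to list the interfaces that currently have the promiscuous flag set and the processes holding packet sockets. The function names and the overridable SYS_NET and PROC roots are assumptions of this sketch, and /proc/PID/comm needs a newer kernel than the one FC4 shipped.

```shell
#!/bin/sh
# Added example (not from the thread): who has an interface in promiscuous mode?
# SYS_NET and PROC are hypothetical overrides so the functions can be pointed
# at a copied or constructed tree instead of the live system.
SYS_NET="${SYS_NET:-/sys/class/net}"
PROC="${PROC:-/proc}"

# Print every interface whose sysfs flags word has IFF_PROMISC (0x100) set.
# sysfs shows the kernel's own flag word, so it also reflects promiscuous
# mode requested through a packet socket or from kernel space.
promisc_ifaces() {
    for d in "$SYS_NET"/*; do
        [ -r "$d/flags" ] || continue
        flags=$(cat "$d/flags")
        if [ $(( ${flags:-0} & 0x100 )) -ne 0 ]; then
            basename "$d"
        fi
    done
    return 0
}

# Print "pid command" for each process that holds an AF_PACKET socket,
# the socket type sniffers such as tcpdump open. Promiscuous mode set from
# kernel space (for example by a bridge driver) has no owning socket and
# will not appear here.
packet_socket_owners() {
    [ -r "$PROC/net/packet" ] || return 0
    # The socket inode is the last column; the first row is the header.
    awk 'NR > 1 { print $NF }' "$PROC/net/packet" | sort -u |
    while read -r inode; do
        for fd in "$PROC"/[0-9]*/fd/*; do
            [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
            pid=${fd#"$PROC"/}
            pid=${pid%%/*}
            echo "$pid $(cat "$PROC/$pid/comm" 2>/dev/null)"
        done
    done | sort -u
}

echo "Interfaces in promiscuous mode:"
promisc_ifaces
echo "Processes holding packet sockets:"
packet_socket_owners
```

Run it as root, otherwise the file descriptors of other users' processes cannot be read and their sockets are silently skipped.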

