Aaron Dalton wrote:
I was running security/rkhunter and it warns me about my network card being in promiscuous mode. I have a few questions:
1) What exactly is promiscuous mode? (I've done some googling but haven't found anything really clear)
2) Why might it be considered a bad thing?
3) How do I disable it if it really is bad?
4) What are the effects of disabling it?
Thank you *so much* for your time!
Hi Aaron,
1) Promiscuous mode means that your network is dumping its packets somewhere; normally they get transported. Now the added feature is that an application like tcpdump can display the packets, and with the correct options (tcpdump -X for example) you can even see what's inside the packets. If you do plain auth authorization, it is possible with a 'sniffer' (which puts your network into promisc. mode) to see what the username and password of the user are, and so to use those credentials to do something evil.
2) see above
3) ifconfig -a (check which has PROMISC in it)
ifconfig interfacename -promisc turns the promisc mode off
4) The application that enabled promisc will probably not function correctly anymore, which is perhaps a good thing.
Are you running any IDSes or something that you know of? Since they also put the network into promisc mode.
Cheers!
-- Kind regards,
Remko Lodder
Reporter DSINet
Projectleader Mostly-Harmless
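The check from step 3 of the reply, as an added example that is not part of the original e-mail: a shell function that reads `ifconfig -a` output and prints every interface whose flag list contains PROMISC as a whole flag. The function names and the sample output (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces whose flags include PROMISC.
# Reads `ifconfig -a` style output on stdin, prints one interface per line.
promisc_ifaces() {
    awk '
        # Interface header lines start in column 0, e.g.
        # "em0: flags=8943<UP,BROADCAST,...> metric 0 mtu 1500"
        /^[^ \t][^ \t]*: flags=/ {
            name = $1
            sub(/:$/, "", name)
            # Take the text between < and > and compare each flag exactly.
            if (match($0, /<[^>]*>/)) {
                n = split(substr($0, RSTART + 1, RLENGTH - 2), flags, ",")
                for (i = 1; i <= n; i++)
                    if (flags[i] == "PROMISC") { print name; break }
            }
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:02
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 127.0.0.1 netmask 0xff000000
EOF
}

# Demo on the sample; on a live host use: ifconfig -a | promisc_ifaces
sample_ifconfig | promisc_ifaces
```

Any interface it reports can then be handled as in step 3, with `ifconfig interfacename -promisc`, after checking whether a known tool such as tcpdump or an IDS is the one that enabled it.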