
Promiscuous mode (was Re: ifconfig doesn't report Promiscuous interfaces)




Hi, Are you sure that this machine wasn't compromised ???

This line made me wonder about what the correct output of ifconfig should be. I assume that if I am not listening on the port, the PROMISC entry should not be reported in ifconfig. I should only see PROMISC if I am running tcpdump, ethereal or some other program that listens on the ethernet port.

On eth0, I see PROMISC all the time. On eth1 & eth2, I only see it when I am running tcpdump. I have ipchains denying all traffic on the link that is directly connected to the net. This is run before the interfaces are configured. Despite ipchains, all services (telnet, ftp, apache etc) are turned off because I don't use them. I run apt-get update/upgrade daily to keep up with security updates from security.debian.org. The kernel is 2.2.17.

Is there any reason for eth0 to be showing PROMISC all the time or is this a sign that the system has somehow been compromised and someone/something is capturing all internet traffic? Everything looks fine on the system. Hopefully I am being unnecessarily paranoid.

jmb
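
An added example, not part of the original post: one way to check which interfaces have the promiscuous flag set by reading the kernel's flags word directly instead of parsing ifconfig output. It assumes a Linux kernel with sysfs (newer than the 2.2.17 mentioned above), where `/sys/class/net/<iface>/flags` holds a hex value and IFF_PROMISC is bit 0x100; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces whose flags word has IFF_PROMISC set.
# Assumes a sysfs-style tree: <root>/<iface>/flags containing e.g. "0x1103".

IFF_PROMISC=256   # 0x100, as defined in <linux/if.h>

# promisc_ifaces [ROOT] - print one promiscuous interface name per line.
promisc_ifaces() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*; do
        [ -r "$dir/flags" ] || continue
        flags=
        read -r flags < "$dir/flags" || [ -n "$flags" ] || continue
        # Accept only a plain hex number so nothing else reaches $(( )).
        hex=${flags#0x}
        case $hex in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        if [ $(( 0x$hex & $IFF_PROMISC )) -ne 0 ]; then
            printf '%s\n' "${dir##*/}"
        fi
    done
}

# Constructed sample tree (not real system data):
#   eth0 = UP|BROADCAST|PROMISC|MULTICAST, eth1 = the same without PROMISC.
make_sample_tree() {
    mkdir -p "$1/eth0" "$1/eth1"
    printf '0x1103\n' > "$1/eth0/flags"
    printf '0x1003\n' > "$1/eth1/flags"
}

# Demo run against the constructed tree; prints "eth0".
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
promisc_ifaces "$demo_dir"
rm -rf "$demo_dir"
```

Calling `promisc_ifaces` with no argument reads the live `/sys/class/net` tree; an interface listed while no capture tool is running is the situation the post asks about.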

