On Wednesday 15 September 2004 06:52 pm, Chris wrote:
> The subject says it all. RKHunter reports I have it turned on. I'm
> running no servers, that I'm aware of. I've checked google and
> google/linux for an explanation and I haven't found a good explanation.

If you are running an intrusion detection system, such as Snort, the application itself will put the ethernet device into promiscuous mode so that it can listen to all communication attempts to know when you are being probed and attacked. Network sniffers, some port sentry applications, network usage monitors, etc. all require the ethernet device to be in promiscuous mode in order to monitor communications.

The only warning attached to a device being switched to promiscuous mode is that a sniffer may have been surreptitiously loaded onto your system. Check to make sure that you do not have a sniffer running that YOU are unaware of; other than that, it is really no problem.

From the web:

1) In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for example, for monitoring network usage).

To turn it off, issue the command as root

    ifconfig eth0 -promisc

then check with

    ifconfig eth0

and you should not see PROMISC as in the result below

    UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

--
Bryan Phinney
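
Added example, not part of the original message: a shell sketch of the check suggested above, listing interfaces whose kernel flags word has the IFF_PROMISC bit (0x100) set and the processes that hold raw packet sockets. It assumes a Linux system with /sys and /proc mounted; the function names are made up for this example, and it should be run as root so other users' file descriptors are visible.

```shell
#!/bin/sh
# Added example: audit promiscuous mode and packet-socket owners on Linux.
IFF_PROMISC=256   # 0x100, the IFF_PROMISC bit from <linux/if.h>

# is_promisc FLAGS -> succeeds if the IFF_PROMISC bit is set in a hex flags word
is_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [DIR] -> print every interface under DIR whose flags have the bit
promisc_ifaces() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        if is_promisc "$(cat "$f")"; then
            iface=${f%/flags}
            echo "${iface##*/}"
        fi
    done
}

# packet_socket_inodes [FILE] -> inode (9th column) of each open AF_PACKET socket
packet_socket_inodes() {
    awk 'NR > 1 { print $9 }' "${1:-/proc/net/packet}" 2>/dev/null
}

# socket_owners INODE -> "pid command" for each process holding that socket
socket_owners() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
    done
}

# audit -> report promiscuous interfaces, then who owns packet sockets.
# Not every packet socket is a sniffer; review each owner by name.
audit() {
    promisc_ifaces | while read -r i; do echo "PROMISC set on $i"; done
    packet_socket_inodes | sort -u | while read -r ino; do
        socket_owners "$ino"
    done | sort -u
}

audit
```

A capture opened through a packet socket can leave PROMISC out of the ifconfig flags line even though the kernel has the interface in promiscuous mode, which is why the script reads the sysfs flags word directly.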