| 1 |
On Thursday 13 December 2007, Dan Farrell wrote: |
| 2 |
> On Thu, 06 Dec 2007 09:50:58 -0500 |
| 3 |
> |
| 4 |
> Billy Holmes <billy@××××××.net> wrote: |
| 5 |
> > also look for entries where is says eth0 has entered promiscuous |
| 6 |
> > mode |
| 7 |
> > - that's a sure fire sign you've been hacked.. unless you're running |
| 8 |
> > a virtual machine with a bridge, or your own packet sniffer/traffic |
| 9 |
> > monitor - like ntop. |
| 10 |
> |
| 11 |
> I have several machines that give that message, but I don't believe |
| 12 |
> they've been hacked. Insight? |
| 13 |
|
| 14 |
Well, certain apps will put your interface into a promiscuous mode if they are |
| 15 |
trying to listen to the traffic arriving at it; e.g. tcpdump, ntop, |
| 16 |
wireshark, etc. |
| 17 |
-- |
| 18 |
Regards, |
| 19 |
Mick |
Archives