On Thursday 13 December 2007, Dan Farrell wrote:
> On Thu, 06 Dec 2007 09:50:58 -0500
> Billy Holmes <billy@××××××.net> wrote:
> > also look for entries where it says eth0 has entered promiscuous
> > mode - that's a sure-fire sign you've been hacked.. unless you're
> > running a virtual machine with a bridge, or your own packet
> > sniffer/traffic monitor - like ntop.
>
> I have several machines that give that message, but I don't believe
> they've been hacked. Insight?

Well, certain apps will put your interface into promiscuous mode if they are
trying to listen to the traffic arriving at it; e.g. tcpdump, ntop,
wireshark, etc.
--
Regards,
Mick
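
Added example, not part of the original thread: a small Python triage helper that pairs the kernel's "entered"/"left promiscuous mode" messages per interface, so an interface that a sniffer or bridge put into promiscuous mode and never released stands out. The log lines are constructed samples, the function names are hypothetical, and the regex assumes the two kernel message forms noted in the comment.

```python
import re

# Matches both the older "device eth0 entered promiscuous mode" form and the
# newer "<driver> eth0: entered promiscuous mode" form of the kernel message.
PROMISC_RE = re.compile(r"(?:device )?(\S+?):? (entered|left) promiscuous mode")
IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Dec  6 09:12:01 host kernel: device eth0 entered promiscuous mode
Dec  6 09:14:37 host kernel: device eth0 left promiscuous mode
Dec  6 10:02:11 host kernel: device eth1 entered promiscuous mode
Dec  6 10:05:00 host kernel: device br0 entered promiscuous mode
Dec  6 10:30:42 host kernel: device br0 left promiscuous mode
"""

def promisc_events(log_text):
    """Return (line, interface, action) for every promiscuous-mode message."""
    events = []
    for line in log_text.splitlines():
        m = PROMISC_RE.search(line)
        if m:
            events.append((line, m.group(1), m.group(2)))
    return events

def still_promiscuous(log_text):
    """Replay the events; return {interface: line where it last entered}
    for interfaces with no later 'left' message."""
    active = {}
    for line, iface, action in promisc_events(log_text):
        if action == "entered":
            active[iface] = line
        else:
            active.pop(iface, None)
    return active

def flags_show_promisc(flags_hex):
    """Interpret the contents of /sys/class/net/<iface>/flags (e.g. '0x1103')."""
    return bool(int(flags_hex.strip(), 16) & IFF_PROMISC)

if __name__ == "__main__":
    for iface, line in still_promiscuous(SAMPLE_LOG).items():
        print(f"{iface} still promiscuous since: {line}")
```

An interface this reports is only a lead: match the timestamp against known tcpdump, ntop, wireshark or bridge activity before treating it as suspicious.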