Internet.com
Get your
ISP-News
courtesy of
internetnews.com



Search ISP-Lists
Search:
ISP Channel
CLEC-Planet
ISP Glossary
ISP News
ISP-Planet
ISP-Lists
E-mail Newsletters
Opt-in Announcements
Discussion Forums
internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

The ISP-Lists.com Email Discussion List Community

<- Previous Message | Next Message ->
Thread Index
[isp-linux] Re: Promiscuous mode 
Is there any other evidence that you have been breeched?  I would
definatley do a total reload *if possible*. !!!

Dale Worley wrote:
> 
> Hi everyone,
> 
> Last week I wrote on my RedHat 6.2 box that I had just loaded went into
> promiscuous mode on eth0. I went into the messages log and saw some stuff
> that looks suspicious:
> 
> useradd [820]: new group: name=etc, gid=501
> useradd [820]: new user: name=etc, uit=501, gid=501, home=/home/etc,
> shell=/bin/bash
> PAM_pwdb[821]: password for (etc/501) changed by ((null)/0)
> modprobe: modprobe: Can't locate module binfmt-457f
> 
> obviously someone added themselves as a user, and attempted to run modprobe.
> my question is can I just remove this user or should I just re-format and
> reload?
> 
> Thanks for all your input...
> Dale
> 
> ;-> -----Original Message-----
> ;-> From: dan [mailto:dan@...> ;-> Sent: Friday, February 23, 2001 4:24 PM
> ;-> To: isp-linux@isp-linux.com
> ;-> Subject: [isp-linux] Re: Promiscuous mode
> ;->
> ;->
> ;-> Dale,
> ;->
> ;-> promiscuous mode is enabled/disabled via ifconfig. I don't
> ;-> know where
> ;-> network settings are on redhat, but if you do, you can
> ;-> change the default
> ;-> ifconfig statement to include a -promisc to disable it.  It
> ;-> should not be
> ;-> on by default.
> ;->
> ;-> I doubt if someone is probing your machine. I don't know
> ;-> why that message
> ;-> would pop up, maybe a redhat guru could answer that better.
> ;->
> ;-> promisc merely allows that interface to receive all packets on the
> ;-> network.
> ;->
> ;-> Dan
> ;->
> ;-> On Fri, 23 Feb 2001, Dale Worley wrote:
> ;->
> ;-> > so I'm sitting here with my RH6.2 box just started,
> ;-> plugged in to my network
> ;-> > and then a message pops up
> ;-> >
> ;-> > eth0: Promiscuous mode enabled.
> ;-> >
> ;-> > how did this happen? how do I turn it off, is someone
> ;-> probing my machine?
> ;-> >
> ;-> > thanks
> ;-> > Dale
> ;-> >
> ;-> >
> ;-> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ;-> > Penguinistas!  Find out the latest news, tips and opinions
> ;-> > making its way through the Linux industry.
> ;-> > http://www.linuxplanet.com/linuxplanet
> ;-> >




> ;-> >
> ;->
> ;->
> ;-> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ;-> Penguinistas!  Find out the latest news, tips and opinions
> ;-> making its way through the Linux industry.
> ;-> http://www.linuxplanet.com/linuxplanet/
> ;->




> ;->
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Penguinistas!  Find out the latest news, tips and opinions
> making its way through the Linux industry.
> http://www.linuxplanet.com/linuxplanet/
> 





--
robert canary
system services
OhioCounty.Net
rwcanary@...
(270)298-9331 Office
(270)298-7449 Fax

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Penguinistas!  Find out the latest news, tips and opinions
making its way through the Linux industry.
http://www.linuxplanet.com/linuxplanet/
Replies
[isp-linux] Re: Promiscuous mode, E.B. Dreger
[isp-linux] Re: Promiscuous mode, Les garten
Replies
[isp-linux] Re: Promiscuous mode, Dale Worley
<- Previous Message | Next Message ->
Thread Index

ISP Glossary
Find an ISP Term

Need Help?