
promiscuous ethernet


Joel Garry

Feb 11, 2001, 5:06:56 PM
Whilst reading usenet news with slrn, I got a message from syslogd. dmesg had
this in it:


linsniffer uses obsolete (PF_INET,SOCK_PACKET)
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode

Is this normal, or is someone poking at me? I'm not running a firewall yet.
nfs_stat had trouble shutting down after that, too.

jg
--
These opinions are my own.
http://www.garry.to Oracle and unix guy.
mailto:joel-...@nospam.home.com Remove nospam to reply.
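The kernel lines quoted above are exactly the kind of thing a defender wants to pick out of dmesg or /var/log/messages automatically and cross-check against the live interface state. The following is an added example, not code from the post or from any tool named in it: it scans constructed log text (the three lines from the post plus invented neighbours) for the two message shapes visible there, replays "entered"/"left" events so only interfaces still promiscuous are reported, and offers a live check of the IFF_PROMISC flag bit through Linux sysfs. The sysfs path, the assumption that the kernel reflects promiscuity in that flags file, and the allowlist of processes that are expected to open raw packet sockets are all assumptions for illustration.

```python
import re

# Constructed sample log text for offline testing: the three lines from the post
# plus an invented link-up line. Not taken from any real host.
SAMPLE_LOG = """\
eth0: Link is up at 100 Mbps, full duplex.
linsniffer uses obsolete (PF_INET,SOCK_PACKET)
eth0: Setting promiscuous mode.
device eth0 entered promiscuous mode
"""

# The two kernel message shapes visible in the post.
PROMISC_RE = re.compile(
    r"device (?P<iface>\S+) (?P<action>entered|left) promiscuous mode"
)
PACKET_SOCKET_RE = re.compile(
    r"^(?P<proc>\S+) uses obsolete \(PF_INET,SOCK_PACKET\)"
)

IFF_PROMISC = 0x100  # interface flag bit, from <linux/if.h>


def scan_log(text):
    """Return (interfaces still promiscuous, processes that opened packet sockets).

    'entered'/'left' events are replayed in log order, so an interface taken out
    of promiscuous mode later in the log is not reported as still promiscuous.
    """
    promisc = set()
    packet_users = []
    for line in text.splitlines():
        m = PROMISC_RE.search(line)
        if m:
            if m.group("action") == "entered":
                promisc.add(m.group("iface"))
            else:
                promisc.discard(m.group("iface"))
            continue
        m = PACKET_SOCKET_RE.search(line)
        if m:
            packet_users.append(m.group("proc"))
    return sorted(promisc), packet_users


def unexpected_packet_users(packet_users, allowlist=("tcpdump",)):
    """Filter out processes an admin expects to sniff on this host.

    The default allowlist is an illustrative assumption; tune it per host.
    """
    return [p for p in packet_users if p not in allowlist]


def is_promisc_now(iface, sysfs_root="/sys/class/net"):
    """Live check of the IFF_PROMISC bit via sysfs (Linux only; assumed path).

    Returns True/False, or None if the flags file cannot be read (no such
    interface, or not running on Linux).
    """
    try:
        with open(f"{sysfs_root}/{iface}/flags") as fh:
            flags = int(fh.read().strip(), 16)  # file holds e.g. "0x1003"
    except (OSError, ValueError):
        return None
    return bool(flags & IFF_PROMISC)


def report(text):
    """Combine the log scan with the live check into one summary dict."""
    promisc, users = scan_log(text)
    return {
        "promiscuous_in_log": promisc,
        "promiscuous_now": {i: is_promisc_now(i) for i in promisc},
        "unexpected_sniffers": unexpected_packet_users(users),
    }


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the constructed sample the scan reports eth0 as still promiscuous and linsniffer as an unexpected packet-socket user; a log that later contains "device eth0 left promiscuous mode" yields no interface, which is the normal pattern when an administrator's own tcpdump session ends.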

Tracy R Reed

Feb 11, 2001, 6:22:52 PM
Yikes! I hate to be alarmist but my guess is your computer is hacked and
someone is running a sniffer in an effort to collect passwords. Get help from
an experienced Linux/Unix guru if you can't determine for sure if you have
been intruded upon and if you have, reinstall that system from scratch ASAP.
Under no normal circumstances does an ethernet card just go into promiscuous
mode all by itself.

--
Tracy Reed http://www.ultraviolet.org
* Maelcum likes his flame broiled dragon on sourdough

Joel Garry

Feb 19, 2001, 2:30:51 PM
On Sun, 11 Feb 2001 23:22:52 GMT, Tracy R Reed
<tr...@freeside.ultraviolet.org> wrote:
>Yikes! I hate to be alarmist but my guess is your computer is hacked and
>someone is running a sniffer in an effort to collect passwords. Get help from
>an experienced Linux/Unix guru if you can't determine for sure if you have
>been intruded upon and if you have, reinstall that system from scratch ASAP.
>Under no normal circumstances does an ethernet card just go into promiscuous
>mode all by itself.

Thanks. After I saw your message (through deja/google/
whateveritisnowthatIcan'tpostwithitanymore), I started searching, and found
a lot of posts about how I have to wipe my disk clean. <sigh>. So I unplugged
from the net, poked about, indeed found a root user called cgi that I didn't
put there, turned off port 23, and am in the process of installing a new OS.
/var/log/messages clearly shows a buffer overrun attack just before the cgi
user was created. Musta been a script kiddee not to undo that evidence.

I'd rather be reading usenet, dammit.
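The follow-up describes the two artifacts that settled the question: an extra UID-0 account ("cgi") in the password file and the account-creation record in /var/log/messages. As an added example, not code from the post, the block below audits constructed /etc/passwd text for UID-0 accounts other than the expected ones (skipping malformed lines) and looks for account-creation lines in constructed syslog text. The "new user: name=..., UID=..." pattern is the format used by the shadow-utils useradd program; whether the host in the thread logged in that format is an assumption, as are all the sample entries.

```python
import re

# Constructed /etc/passwd contents for offline testing. The "cgi" entry mimics
# the extra UID-0 account the post describes; nothing here comes from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
joel:x:500:500:Joel:/home/joel:/bin/bash
cgi:x:0:0::/tmp:/bin/sh
this line is malformed and must be skipped
"""

# Constructed syslog excerpt. The useradd line follows the shadow-utils format
# "new user: name=..., UID=..., GID=..., home=..., shell=..." (assumed here).
SAMPLE_MESSAGES = """\
Feb 10 02:14:07 box useradd[4711]: new user: name=cgi, UID=0, GID=0, home=/tmp, shell=/bin/sh
Feb 10 02:14:09 box PAM_unix[4712]: (login) session opened for user cgi by (uid=0)
"""

NEW_USER_RE = re.compile(
    r"useradd\[\d+\]: new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+)"
)


def parse_passwd(text):
    """Return (name, uid, gid, home, shell) tuples for well-formed lines only."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed or truncated line; a real tool would log it
        name, _pw, uid, gid, _gecos, home, shell = fields
        try:
            entries.append((name, int(uid), int(gid), home, shell))
        except ValueError:
            continue  # non-numeric uid/gid
    return entries


def extra_uid0_accounts(passwd_text, expected=("root",)):
    """Names of UID-0 accounts that are not on the expected list."""
    return [
        e[0] for e in parse_passwd(passwd_text) if e[1] == 0 and e[0] not in expected
    ]


def uid0_creations(messages_text):
    """(timestamp_prefix, name) for every useradd record that created a UID-0 user."""
    hits = []
    for line in messages_text.splitlines():
        m = NEW_USER_RE.search(line)
        if m and int(m.group("uid")) == 0:
            hits.append((line[:15], m.group("name")))
    return hits


def audit(passwd_text, messages_text):
    """Correlate the two sources: which unexpected UID-0 accounts have a
    creation record, and which do not (i.e. were added by some other route)."""
    created = {name for _, name in uid0_creations(messages_text)}
    extras = extra_uid0_accounts(passwd_text)
    return {
        "extra_uid0": extras,
        "with_creation_record": [n for n in extras if n in created],
        "without_creation_record": [n for n in extras if n not in created],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_MESSAGES))
```

Running this against real files means reading /etc/passwd and /var/log/messages from a copy taken off the host (ideally from a mounted image), since, as the thread concludes, the running system itself can no longer be trusted once a root account has been planted.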