On Thursday 13 December 2007, Dan Farrell wrote: > On Thu, 06 Dec 2007 09:50:58 -0500 > > Billy Holmes <[EMAIL PROTECTED]> wrote: > > also look for entries where is says eth0 has entered promiscuous > > mode > > - that's a sure fire sign you've been hacked.. unless you're running > > a virtual machine with a bridge, or your own packet sniffer/traffic > > monitor - like ntop. > > I have several machines that give that message, but I don't believe > they've been hacked. Insight?
Well, certain apps will put your interface into a promiscuous mode if they are trying to listen to the traffic arriving at it; e.g. tcpdump, ntop, wireshark, etc. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
