CLEANACCESS Archives

October 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Brian Beausoleil <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 12 Oct 2006 12:00:32 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (82 lines)

Well I am not aware of anyone else having access to these servers except the
2 of us who maintain them, but I did notice these messages around the same
exact time...

Oct 12 10:36:09 pss1a ipsec_setup: stop ordered, but IPsec does not appear to be running!
Oct 12 10:36:09 pss1a ipsec_setup: doing cleanup anyway...
Oct 12 10:36:09 pss1a ipsec_setup: KLIPS debug `none'
Oct 12 10:36:09 pss1a kernel:
Oct 12 10:36:09 pss1a ipsec_setup: KLIPS ipsec0 on eth1:0 <ip_address>/<subnet> broadcast <ip_address>
Oct 12 10:36:09 pss1a ipsec_setup: ...Openswan IPsec started
Oct 12 10:36:09 pss1a ipsec_setup: Starting Openswan IPsec 2.4.4...
Oct 12 10:36:10 pss1a kernel: device eth1 entered promiscuous mode

Perhaps that helps or means something.  If any of those commands are being
executed, could it be possible that something from the CAS itself or the CAM
is causing it?  It is only happening on 1 server.  We are running 4.0.3 on
the CAS and 4.0.3.2 on the CAM.

Brian Beausoleil
Network Services
Southern CT State University
Office: (203) 392-6109
Email: [log in to unmask]
 
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Eric Weakland
Sent: Thursday, October 12, 2006 11:10 AM
To: [log in to unmask]
Subject: Re: promiscuous mode?

Brian,

This usually means that someone has run tcpdump/wireshark/iptraf or
something else that asked your network card to listen for all packets, not
just ones destined for itself.  You need root privileges (usually) to do
this on *nix - so if you don't know why . . . you should find out.

Eric



Brian Beausoleil <[log in to unmask]>
Sent by: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
10/12/2006 11:01 AM
Please respond to: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>

To: [log in to unmask]
cc:
Subject: promiscuous mode?

Can anyone tell me what this means?
 
"device eth1 entered promiscuous mode"
 
I found it in the /var/log/messages log file. Right after we received it, 
traffic stopped and the dhcp server shut down.
 
Thanks in advance.
 
Brian Beausoleil
Network Services
Southern CT State University
Office: (203) 392-6109
Email: [log in to unmask]
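
The time correlation described in the thread can be run over a whole /var/log/messages file. The following is an added example, not part of the original messages: it finds each "entered promiscuous mode" kernel line and lists which programs logged on the same host within a few seconds. The 5-second window, the function names and the last sample line are assumptions.

```python
import re
from datetime import datetime

# Lines from the message above (wrapped lines rejoined); the last line is
# constructed for contrast and is not from the thread.
SAMPLE_LOG = """\
Oct 12 10:36:09 pss1a ipsec_setup: doing cleanup anyway...
Oct 12 10:36:09 pss1a ipsec_setup: KLIPS debug `none'
Oct 12 10:36:09 pss1a kernel:
Oct 12 10:36:09 pss1a ipsec_setup: ...Openswan IPsec started
Oct 12 10:36:09 pss1a ipsec_setup: Starting Openswan IPsec 2.4.4...
Oct 12 10:36:10 pss1a kernel: device eth1 entered promiscuous mode
Oct 12 14:02:41 pss1a kernel: device eth0 entered promiscuous mode
"""

# timestamp, host, program tag (optional [pid]), message
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[\s]+)(?:\[\d+\])?: ?(.*)$")
PROMISC_RE = re.compile(r"device (\S+) entered promiscuous mode")

def parse(text, year=2006):
    """Yield (time, host, tag, message); syslog omits the year, so it is passed in."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def promisc_events(text, window_s=5):
    """For each promiscuous-mode event, list programs that logged nearby in time."""
    events = list(parse(text))
    findings = []
    for ts, host, tag, msg in events:
        m = PROMISC_RE.search(msg) if tag == "kernel" else None
        if not m:
            continue
        nearby = sorted({t for ets, ehost, t, _ in events
                         if ehost == host and t != "kernel"
                         and abs((ets - ts).total_seconds()) <= window_s})
        findings.append({"time": ts, "host": host, "device": m.group(1),
                         "nearby": nearby, "no_nearby_activity": not nearby})
    return findings

if __name__ == "__main__":
    for f in promisc_events(SAMPLE_LOG):
        print(f["time"], f["host"], f["device"], f["nearby"] or "nothing logged nearby")
```

Proximity in time is a lead to follow up, not proof of cause; an event with nothing logged nearby is the one to investigate first.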
 
 
