Subject: | |
From: | |
Reply To: | |
Date: | Thu, 12 Oct 2006 12:00:32 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Well I am not aware of anyone else having access to these servers except the
2 of us who maintain them, but I did notice these messages around the same
exact time...
Oct 12 10:36:09 pss1a ipsec_setup: stop ordered, but IPsec does not appear
to be running!
Oct 12 10:36:09 pss1a ipsec_setup: doing cleanup anyway...
Oct 12 10:36:09 pss1a ipsec_setup: KLIPS debug `none'
Oct 12 10:36:09 pss1a kernel:
Oct 12 10:36:09 pss1a ipsec_setup: KLIPS ipsec0 on eth1:0
<ip_address>/<subnet> broadcast <ip_address>
Oct 12 10:36:09 pss1a ipsec_setup: ...Openswan IPsec started
Oct 12 10:36:09 pss1a ipsec_setup: Starting Openswan IPsec 2.4.4...
Oct 12 10:36:10 pss1a kernel: device eth1 entered promiscuous mode
Perhaps that helps or means something. If any of those commands are being
executed, could it be possible that something from the CAS itself or the CAM
is causing it? It is only happening on 1 server. We are running 4.0.3 on
the CAS and 4.0.3.2 on the CAM.
Brian Beausoleil
Network Services
Southern CT State University
Office: (203) 392-6109
Email: [log in to unmask]
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Eric Weakland
Sent: Thursday, October 12, 2006 11:10 AM
To: [log in to unmask]
Subject: Re: promiscuous mode?
Brian,
This usually means that someone has run tcpdump/wirshark/iptraf or
something else that asked your network card to listen for all packets, not
just ones destined for itself. You need root priviledges (usually) to do
this on *nix -so if you don't know why . . . you should find out.
Eric
Brian Beausoleil <[log in to unmask]>
Sent by: Perfigo SecureSmart and CleanMachines Discussion List
<[log in to unmask]>
10/12/2006 11:01 AM
Please respond to
Perfigo SecureSmart and CleanMachines Discussion List
<[log in to unmask]>
To
[log in to unmask]
cc
Subject
promiscuous mode?
Can anyone tell me what this means?
?device eth1 entered promiscuous mode?
I found it in the /var/log/messages log file. Right after we received it,
traffic stopped and the dhcp server shut down.
Thanks in advace.
Brian Beausoleil
Network Services
Southern CT State University
Office: (203) 392-6109
Email: [log in to unmask]
|
|
|