"sniffing" and that's a great tool to find obscure TCP/IP communication bugs) It just means that your network adapter will be able to read TCP/IP packets that are meant for other adapters. Ignoring tell tale signs like this and dismissing them is the lax security mindset that is plaguing so many businesses and institutions these days.
No, but the behaviour is a red flag and should be investigated. OS Information: Description: Ubuntu 14.10ġ) Always worry.The hackers don't want you to pay attention to the logs and ethernet devices "mysteriously" turning on promiscuous mode for no reason.Ģ) Promiscuous mode on a computer has nothing to do with catching nasty viruses like AIDS. So what does this mean and should I be worried about it? Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode."Īpr 8 11:26:15 Bath-Towel kernel: device eth0 entered promiscuous modeĪpr 8 11:26:18 Bath-Towel kernel: device eth0 entered promiscuous modeĪpr 8 11:26:21 Bath-Towel kernel: device eth0 entered promiscuous mode Received From: Bath-Towel->/var/log/syslog
I have installed the latest version of OSSEC HIDS (2.8.1), and I keep now getting these email notifications from it: OSSEC HIDS Notification.
0 kommentar(er)
