Re: odd log message...looks serious

Board: FB_security, posted 2004/12/26 23:37
If you haven't been running trafshow, tcpdump, ngrep or some other traffic sniffer, more than likely someone has hacked you. I believe it takes root privileges to put the interface into promiscuous mode. If this is the case, the attacker is likely sniffing for passwords and/or email traffic, since this looks like a mail server.

Lately, it seems that a lot of hackers are not affecting the system to the point that the owner would notice (i.e. changing passwords, etc.), so they can hang on to it for a while. Generally, it's for spamming purposes these days, but it's hard to say.

Jerry
http://www.syslog.org

> hello all-
>
> and a happy holiday to all you geeks that are in front of the crt!
>
> I found these log messages in my logs and I am not sure what some of
> them signify.
>
> Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 to 200 packets/sec
> Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 to 200 packets/sec
> Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode enabled
> Dec 24 05:32:49 smtp kernel: fxp0: promiscuous mode disabled
> Dec 24 05:33:01 smtp kernel: fxp0: promiscuous mode enabled
> Dec 24 08:18:44 smtp kernel: fxp0: promiscuous mode disabled
> Dec 24 12:48:57 smtp kernel: Limiting closed port RST response from 201 to 200 packets/sec
>
> I understand the "Limiting closed port RST response". ....but what are
> the promiscuous mode enabled and disabled on my NIC? I am not doing
> this, so who or what is doing this. Or better yet, what does this mean?
> I have a fear that this one is serious. So what I need is some
> direction into finding out how this occurs and what I can do to stop it.
>
> thanks,
> Bob
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
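
Added example, not part of the original post or thread: a small Python log check that pairs the "promiscuous mode enabled/disabled" kernel messages quoted above into sessions with durations, so they can be compared against times a sniffer was knowingly run. The function name `promisc_sessions` and the default year are assumptions, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# The kernel log lines quoted in the post above, with wrapped lines rejoined.
SAMPLE_LOG = """\
Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 to 200 packets/sec
Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 to 200 packets/sec
Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 05:32:49 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 05:33:01 smtp kernel: fxp0: promiscuous mode enabled
Dec 24 08:18:44 smtp kernel: fxp0: promiscuous mode disabled
Dec 24 12:48:57 smtp kernel: Limiting closed port RST response from 201 to 200 packets/sec
"""

PROMISC = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"(?P<ifname>\w+): promiscuous mode (?P<state>enabled|disabled)\s*$"
)


def promisc_sessions(log_text, year=2004):
    """Pair enabled/disabled events per (host, interface) into sessions.

    Syslog timestamps carry no year, so `year` is an assumption (2004 is the
    year of the post). A session still open at end of log has end=None.
    """
    open_since, sessions = {}, []
    for line in log_text.splitlines():
        m = PROMISC.match(line)
        if not m:
            continue  # not a promiscuous-mode transition
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["host"], m["ifname"])
        if m["state"] == "enabled":
            open_since.setdefault(key, ts)  # keep the earliest unmatched enable
        elif key in open_since:
            start = open_since.pop(key)
            secs = int((ts - start).total_seconds())
            sessions.append({"host": key[0], "ifname": key[1],
                             "start": start, "end": ts, "seconds": secs})
    for (host, ifname), start in open_since.items():
        sessions.append({"host": host, "ifname": ifname,
                         "start": start, "end": None, "seconds": None})
    return sessions


if __name__ == "__main__":
    for s in promisc_sessions(SAMPLE_LOG):
        length = "still enabled" if s["end"] is None else f"{s['seconds']}s"
        print(f"{s['host']} {s['ifname']}: {s['start']} -> {s['end']} ({length})")
```

Sessions that do not line up with a time when an administrator ran trafshow, tcpdump or ngrep are the ones the reply above is concerned with.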
Article ID (AID): #11pjh200 (FB_security)