OSSEC HIDS Reports Interface Entered in Promiscuous(sniffing) Mode

1) Always worry... The hackers don't want you to pay attention to the logs and ethernet devices "mysteriously" turning on promiscuous mode for no reason.

2) Promiscuous mode on a computer has nothing to do with catching nasty viruses like AIDS...

- No, but the behaviour is a red flag and should be investigated. Ignoring telltale signs like this and dismissing them is the lax security mindset that is plaguing so many businesses and institutions these days.

It just means that your network adapter will be able to read TCP/IP packets that are meant for other adapters. (A.k.a. "sniffing" and that's a great tool to find obscure TCP/IP communication bugs)

- It is... IF, and I emphasize "IF", it is being done to troubleshoot and not capture packets for malicious intent like footprinting the network or capturing unencrypted messages (email, etc.). Erring on the side of caution is much more preferable than ignoring potential security exploits.

As far as why this happened... the only thing I can think of is reviewing your system and application logs at around the time it happened and make sure it was something YOU did and not someone or something else.

I have installed the latest version of OSSEC HIDS (2.8.1), and I keep now getting these email notifications from it:

OSSEC HIDS Notification.

2015 Apr 08 11:26:17

Received From: Bath-Towel->/var/log/syslog

Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode."

Portion of the log(s):

Apr 8 11:26:15 Bath-Towel kernel: [ 93. device eth0 entered promiscuous mode --END OF NOTIFICATION

OSSEC HIDS Notification.

2015 Apr 08 11:26:19

Received From: Bath-Towel->/var/log/syslog

Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode."

Portion of the log(s):

Apr 8 11:26:18 Bath-Towel kernel: [ 95. device eth0 entered promiscuous mode --END OF NOTIFICATION

OSSEC HIDS Notification.

2015 Apr 08 11:26:23

Received From: Bath-Towel->/var/log/syslog

Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode."

Portion of the log(s):

Apr 8 11:26:21 Bath-Towel kernel: [ 99. device eth0 entered promiscuous mode --END OF NOTIFICATION

So what does this mean and should I be worried about it?

OS Information:

Description: Ubuntu 14.10

Release: 14.10
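
One way to act on the advice above to review the logs around the time of the alert, as an added example that is not part of the original question or answers: it pairs the kernel's "entered"/"left" promiscuous mode messages per interface and reads the interface flags from sysfs for the current state. The function names, the host name and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime
from pathlib import Path

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>
# The kernel message quoted in the alerts, plus its "left" counterpart.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+kernel:.*"
    r"device (?P<dev>\S+) (?P<what>entered|left) promiscuous mode")

def promisc_sessions(lines, year=2015):
    """Pair entered/left events; return (sessions, still_open)."""
    still_open, sessions = {}, []
    for line in lines:
        m = EVENT.search(line.strip())
        if not m:
            continue
        # syslog omits the year and space-pads single-digit days
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if m["what"] == "entered":
            still_open.setdefault(m["dev"], ts)
        elif m["dev"] in still_open:
            sessions.append((m["dev"], still_open.pop(m["dev"]), ts))
    return sessions, still_open

def live_promisc(sys_net="/sys/class/net"):
    """Interfaces whose current sysfs flags have IFF_PROMISC set."""
    return sorted(f.parent.name for f in Path(sys_net).glob("*/flags")
                  if int(f.read_text().strip(), 16) & IFF_PROMISC)

# Constructed sample lines (host name and timestamps are made up).
SAMPLE = """\
Apr  8 11:26:15 host1 kernel: [  100.000001] device eth0 entered promiscuous mode
Apr  8 11:26:16 host1 kernel: [  101.000001] device eth0 left promiscuous mode
Apr  8 11:26:18 host1 kernel: [  103.000001] device eth0 entered promiscuous mode
Apr  8 11:26:19 host1 kernel: [  104.000001] device eth0 left promiscuous mode
Apr  8 11:26:21 host1 kernel: [  106.000001] device eth0 entered promiscuous mode
Apr  8 11:30:01 host1 CRON[1234]: (root) CMD (unrelated line)
""".splitlines()

if __name__ == "__main__":
    sessions, still_open = promisc_sessions(SAMPLE)
    for dev, start, end in sessions:
        print(f"{dev}: promiscuous {start:%H:%M:%S} to {end:%H:%M:%S}")
    for dev, start in still_open.items():
        print(f"{dev}: no 'left' event since {start:%H:%M:%S}")
    print("promiscuous right now:", live_promisc())
```

An interface that stays in `still_open`, or that `live_promisc()` reports, is being held in promiscuous mode by something still running (a capture tool, a bridge, a virtual machine network), and that is what to identify next.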
