Nmap Announce mailing list archives
Re: unauthorized scan from you
From: "Dave Matthews" <matthews () greengenes cit cornell edu>
Date: Sat, 13 Feb 99 18:20:37 EST
Hi Marc,

I just phoned the sysop on that machine, and found that he routinely sets eth0 to promiscuous mode for his own reasons. (Monitoring for SATAN-like probes, including yours.) No fault of yours or your software. Just happened to show up in the syslog at the same time. Sorry for the inaccurate alarm.

I hope you and your nmap-hacker colleagues are aware of the distress these anonymous probes can cause amongst us less-hip sysops who don't and can't know what you're doing or why you're doing it. Some of us have professional responsibilities to maintain our internet servers online 24x7, on which our livelihoods depend. And don't have resources to hire a fulltime internet security crew to support that responsibility adequately.

Thank you for your concern. You're a good man, my fears are allayed.

- Dave
Hi Dave...

Effective upon reading this email, I have shut down the probe until *I* can get further clarification on this as well. So far as *I* knew, there is no way that I, on this end, can force your ethernet into promiscuous mode...it has to be done as root on the machine itself.

I've CC'd this to the NMAP mailing list, hoping someone else can give a good explanation for this...

...if it is something that I've done, then the probe will be shut down *permanently* effective now...I'm just confused as how it could be something I've done.