LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Turn off Promiscuous Bit (https://www.linuxquestions.org/questions/linux-networking-3/turn-off-promiscuous-bit-46363/)

robeb 02-20-2003 02:40 PM
Turn off Promiscuous Bit
 
I am running a Red Hat 7.2 router/firewall box w/ Snort 1.9.0 and trying to reduce the number of portscan logs from hosts not on my network
i.e.

SCAN SOCKS Proxy attempt [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 24.104.42.153:25788 -> 10.0.0.75:1080

I think turning promiscuous mode off on eth0 would help reduce the number these portscan logs. Normally, I thought "ifconfig eth0 -promisc" would turn it off since the PROMISC flag is not set when I do "ifconfig -a eth0" after. However, upon the advice of a helpful soul "ip link show eth0" shows that the interface is still in promiscuous mode. Apparently, snort turns it back on when it starts. Using -p w/ snort on the command line doesn't seem to help, either? I think it would help to manually turn off the promiscuous bit...but I don't know how?

Pcghost 02-20-2003 04:37 PM
I would suggest you put a rule in your Iptables that DROP's icmp requests on your external interface. Just a thought..

robeb 02-20-2003 04:44 PM
Actually, I already have a rule that drops incoming ICMP echo-requests. BTW, how did you come to that conclusion after reading my post?

Darin 02-20-2003 07:53 PM
I'm not really familiar with snort but it sounds like a type of network sniffer. It is possible that snort is what is turning promiscuous mode on for your network adapter, you may have to look into the configuration of snort to turn this off.

robeb 02-20-2003 08:25 PM
The -p option is suppose to disable promiscuous mode sniffing


All times are GMT -5. The time now is 09:27 PM.