On 11-Sep-07, at 12:33 PM, <[EMAIL PROTECTED]> wrote:

> On Tue, 11 Sep 2007 18:17:23 +0200 Brian McKee <[EMAIL PROTECTED]>
> wrote:
>
>> Here's an interesting tidbit. I installed Parallels (similar to
>> VMware) on OSX where I had rkhunter 1.2.9 running, and it flagged
>> one of the virtual network cards as 'promiscuous'
>
> But was it?
> Any details you want to share?
> How about testing 1.3.0 if you have time to spare?
>

Well, 1.3 is on my list of things to try, but I'm swamped currently....

As for whether it's 'promiscuous' or not, OSX seems to think it is, so I guess rkhunter is 'right'

> en2:
> flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST>
> mtu 1500
> inet6 fe80::21c:42ff:fe00:0%en2 prefixlen 64 scopeid 0x8
> inet 192.168.1.197 netmask 0xffffff00 broadcast 192.168.1.255
> ether 00:1c:42:00:00:00
> media: autoselect status: active
> supported media: autoselect
> en3:
> flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST>
> mtu 1500
> inet6 fe80::21c:42ff:fe00:1%en3 prefixlen 64 scopeid 0x9
> inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
> ether 00:1c:42:00:00:01
> media: autoselect status: active
> supported media: autoselect
>

I have Parallels set to 'bridged' mode so that the virtual machine gets its own ip on the real LAN.

en2 is labelled Parallels Host-Guest. Accessing it from the LAN gets you my Mac...

en3 is labelled Parallels NAT - for Parallels 'shared adapter' mode rather than bridged. Haven't used it, but I see it's marked promisc too.

I'm not sure why they are set to promiscuous - to tell you the truth I'm not sure why they have an adapter for bridged mode that has its own address? The virtual machine uses a different address again. I just started using Parallels and I'm not up on how it works under the hood.

Stepping back a bit, I guess the point of discovering promisc devices is to find any processes that are slurping all the network traffic, and Parallels could be used to do just that, so it's a valid warning...

HTH
Brian

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
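
Added example, not part of the original message and not rkhunter's own code: a parser for BSD/macOS-style ifconfig output that decodes the hex flags word, reports interfaces with the promiscuous bit (0x100) set, and attaches a triage hint from the MAC prefix. The en0 entry, the TRIAGE_HINTS table and the function name are assumptions made for illustration; en2 and en3 are joined from the output quoted in the message.

```python
import re

IFF_PROMISC = 0x100  # promiscuous-mode bit in the interface flags word

# Constructed sample: en2/en3 joined from the message above, en0 invented for contrast.
SAMPLE = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:11:22:33:44:55
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.197 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:1c:42:00:00:00
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
    ether 00:1c:42:00:00:01
"""

# Assumption: hints keyed by MAC prefix; 00:1c:42 is the prefix on the Parallels
# adapters in the message. A MAC can be changed, so this is a hint, not a verdict.
TRIAGE_HINTS = {"00:1c:42": "Parallels virtual adapter"}

HEADER = re.compile(r"^(\S+): flags=([0-9a-fA-F]+)<([^>]*)>")
ETHER = re.compile(r"^\s+ether\s+([0-9a-fA-F:]{17})")

def promiscuous_interfaces(ifconfig_text):
    """Return one dict per interface whose flags word has IFF_PROMISC set."""
    found, current = [], None
    for line in ifconfig_text.splitlines():
        m = HEADER.match(line)
        if m:
            name, word = m.group(1), int(m.group(2), 16)
            names = m.group(3).split(",")
            current = None  # lines that follow belong to this interface
            if word & IFF_PROMISC:
                # label_agrees: the printed flag names match the numeric word
                current = {"name": name, "flags": hex(word), "mac": None,
                           "hint": None, "label_agrees": "PROMISC" in names}
                found.append(current)
            continue
        m = ETHER.match(line)
        if m and current is not None:
            current["mac"] = m.group(1).lower()
            current["hint"] = TRIAGE_HINTS.get(current["mac"][:8])
    return found

if __name__ == "__main__":
    for nic in promiscuous_interfaces(SAMPLE):
        print(nic)
```

An interface reported with no hint, or with label_agrees false, is the case worth following up by hand.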