[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Raq550: Chkroot results question
- Subject: Re: [cobalt-users] Raq550: Chkroot results question
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Thu Mar 13 20:04:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
>> I run chkrootkit on my systems daily ...
>> On one of the Raq550's I get an extra like
>> eth0 is not promisc
>> eth0:1 is not promisc [most times it is "eth0:0 is not promisc"]
>> eth1 is not promisc
>>
>> On the others I get
>> eth0 is not promisc
>> eth1 is not promisc
>>
>> What really does not promisc mean?
>
>It means the interface will receive ALL packets on the network.
>Normally it would only receive packets addressed to it.
Actually if it's _not_ in promiscuous mode, it _won't_ get all
packets. It will only get the ones addressed to it.
Promiscuous mode is used by traffic scanners, so the check is to see
if your ethernet card mode has been altered by a traffic scanner. Not
promisc is what you want. :)
>> What is eth0:1 ?
It's a "virtual" ethernet interface. The "main" port, eth0, has the
primary IP for the RaQ assigned ("bound") to it. If you're providing
multiple IP addresses (not name-based hosting, but each vsite has its
own IP), you can "bind" the alternate IPs to the same physical
ethernet port, but they need to be virtualized. So eth0:0 is the
first virtual ethernet "port" on the physical eth0 port, eth0:1 is the
2nd virtual port, etc. If you only assign one IP for all domains on
the RaQ to use, you would't see eth0:x.