[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Raq550: Chkroot results question
- Subject: Re: [cobalt-users] Raq550: Chkroot results question
- From: "John D. Gorena" <Support@xxxxxxxxxxxxxxxxxxx>
- Date: Fri Mar 14 05:36:00 2003
- Organization: http://www.JMG-Enterprises.com
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Bruce Timberlake wrote:
>
> >> I run chkrootkit on my systems daily ...
> >> On one of the Raq550's I get an extra like
> >> eth0 is not promisc
> >> eth0:1 is not promisc [most times it is "eth0:0 is not promisc"]
> >> eth1 is not promisc
> >>
> >> On the others I get
> >> eth0 is not promisc
> >> eth1 is not promisc
> >>
> >> What really does not promisc mean?
> >
> >It means the interface will receive ALL packets on the network.
> >Normally it would only receive packets addressed to it.
>
> Actually if it's _not_ in promiscuous mode, it _won't_ get all
> packets. It will only get the ones addressed to it.
>
> Promiscuous mode is used by traffic scanners, so the check is to see
> if your ethernet card mode has been altered by a traffic scanner. Not
> promisc is what you want. :)
>
> >> What is eth0:1 ?
>
> It's a "virtual" ethernet interface. The "main" port, eth0, has the
> primary IP for the RaQ assigned ("bound") to it. If you're providing
> multiple IP addresses (not name-based hosting, but each vsite has its
> own IP), you can "bind" the alternate IPs to the same physical
> ethernet port, but they need to be virtualized. So eth0:0 is the
> first virtual ethernet "port" on the physical eth0 port, eth0:1 is the
> 2nd virtual port, etc. If you only assign one IP for all domains on
> the RaQ to use, you would't see eth0:x.
>
> _____________________________________
Good thorough answers. Thank you very much.
John