promiscuous mode!

Discussion in 'other firewalls' started by Novicex, Feb 19, 2009.

Thread Status:
Not open for further replies.
  1. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
    I'm sorry if wrong forum. I'm using the AntiARP program and its detected that is one PC in my local network is in promiscuous mode. So who knows what it possibly mean and could someone else to make it work like that?
     
    Last edited: Feb 19, 2009
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Given that promiscuous usually refers to a woman who's a bit loose,I'd assume that it's a colourful way of describing an insecure pc,possibly revealing more info than it should.
     
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    The network card is looking at every packet, not just those addressed specifically to it.

    Promiscuous mode is often used in packet sniffers, but is usually a configuration error on a normal nodal device.
     
  4. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
    Is it possible to produce such as behaviour without a sniffer or whatever and, or maybe antiARP is wrong, what are you suggest?
     
  5. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I am reasonably sure it is still possible to configure a NIC into promiscuous mode, although I have not seen one personally since WFW 3.11 days.

    First question: Since you are only detecting one device as such on your network, are you certain that the device being detected is not itself?

    Second question: Does not the tool that is detecting this device describe the device (MAC address, IP Address) well enough to locate it physically?

    Third question: Is the device being detected perhaps a router? The very function of a router is to listen to traffic and send it on to the proper destination.

    Bottom line: I would not want a sniffer nor a PC acting as one on my network unless I placed it there explicitly.
     
  6. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
    Thanks for helping!

    The card ive been detecting is IP: 192.168.1.35 mac: 00-1E-8C-83-22-99 info: ASUSTek COMPUTER INC.while mine is IP: 192.168.1.117 mac: 00-0D-87-AE-27-D1 info: Elitegroup Computer System Co. (ECS). But i aware the one person:thumbd: of my network used the "CAIN&ABEL" (it is not .35) - i think you know what is that mean. and that is .200 IP and i periodically got this "192.168.1.200is doing mac scan". AntiARP has this option too(mac scan).
    Im already did changes to my Security Policy, to block all ICMP packets and block all IGMP by firewall to reduce vulnerability. I need a tool to detect ecxact the sourse of attacks, im really confused:( .
     
    Last edited: Feb 19, 2009
Thread Status:
Not open for further replies.