Re: unauthorized scan from you

["Dave Matthews" <matthews () greengenes cit cornell edu>]

Hi Marc, I just phoned the sysop on that machine, and found that he
routinely sets eth0 to promiscuous mode for his own reasons.  (Monitoring
for SATAN-like probes, including yours.)  No fault of yours or your
software.  Just happened to show up in the syslog at the same time.  Sorry
for the inaccurate alarm.

I hope you and your nmap-hacker colleagues are aware of the distress these
anonymous probes can cause amongst us less-hip sysops who don't and can't
know what you're doing or why you're doing it.  Some of us have professional
responsibilities to maintain our internet servers online 24x7, on which our
livelihoods depend.  And don't have resources to hire a fulltime internet
security crew to support that responsibility adequately.

Thank you for your concern.  You're a good man, my fears are allayed.

- Dave


> Hi Dave...
>
>         Effective upon reading this email, I have shut down the probe
> until *I* can get further clarification on this as well.
>
>         So far as *I* knew, there is no way that I, on this end, can force
> your ethernet ito promiscuous mode...it has to be done as root on the
> machine itself.  I've CC'd this to the NMAP mailing list, hoping someone
> else can give a good explanation for this...
>
>         ...if it is something that I've done, then the probe will be
> shutdown *permanently* effective now...I'm just confused as how it could
> be something I've done.