Come to think of it I did install a program recently called IPFM to monitor all IN and OUT traffic on each IP I have on my machine. Its currently not running, but I have had it running, so could this have effected sometime to make chkrootkit shot the eth0 etc as promisc?
Other than that I have snmpd and portsentry running on the server - but they have always been running and never had this output before thanks -John ----- Original Message ----- From: "Michael Stauber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 15, 2002 11:21 AM Subject: Re: [cobalt-security] chkrootkit output, what does it mean? > Hi Mez, > > > My chkrootkit log this morning is showing: > > > > Checking `sniffer'... > > eth0 is PROMISC > > eth0:0 is PROMISC > > eth0:2 is PROMISC > > eth0:3 is PROMISC > > eth0:4 is PROMISC > > eth0:5 is PROMISC > > eth0:1 is PROMISC > > > > Is this anything to worry about? Or can anyone tell me what it means? > > That normally indicates that a network sniffer is active on your machine and > is monitoring the network traffic. Unless you manually launched "tcpdump" or > a similar shell command to diagnose your network traffic this is indeed > something to worry about. Did chkrootkit warn you about any modified binaries? > > -- > > With best regards, > > Michael Stauber > [EMAIL PROTECTED] > Unix/Linux Support Engineer > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
