Kaj Haulrich wrote:
When doing a chkrootkit everything looks fine except this :
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Checking `w55808'... not infected
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
I get the same message so I googled around and found that the dhcp
client and server are using the same port used by the sniffer (exploit?)
and chkrootkit cannot distinguish between them thus the message.
Avi
--
Avi Schwartz
http://public.xdi.org/=avi.schwartz
When you have robbed a man of everything, he is no longer in your power. He is
free again.
-- Alexander Solzhenitsyn
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________