On Tuesday 04 January 2005 15:07, Bryan Phinney wrote:
> On Tuesday 04 January 2005 08:20, Kaj Haulrich wrote:
> > When doing a chkrootkit everything looks fine except this :
> >
> > Checking `asp'... not infected
> > Checking `bindshell'... not infected
> > Checking `lkm'... Checking `rexedcs'... not found
> > Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
> > Checking `w55808'... not infected
> > Checking `wted'... nothing deleted
> > Checking `scalper'... not infected
> > Checking `slapper'... not infected
> >
> > What is this sniffer thing and does it matter ?
>
> Packet sniffer. If you are running an Intrusion Detection System
> like portsentry or Snort, that would account for the detection of
> a packet sniffer as IDS's have to sniff packets to detect
> intrusions.

Thanks Bryan and Avi, but I'm running snort or portsentry or anything.
So where does this "sniffer" come from ? - To me it sounds pretty much
like one of those thousands of Windows-spyware malignancies. Never
thought a Linux system could get one, but maybe I'll have to think
again ?

Kaj Haulrich.
-- 
*sent from a 100% Microsoft-free workstation*
* http://haulrich.net *
*Running Linux (Mandrake 10.1) - kernel 2.6.8*