On Tuesday 04 January 2005 15:07, Bryan Phinney wrote:
> On Tuesday 04 January 2005 08:20, Kaj Haulrich wrote:
> > When doing a chkrootkit everything looks fine except this :
> >
> > Checking `asp'... not infected
> > Checking `bindshell'... not infected
> > Checking `lkm'... Checking `rexedcs'... not found
> > Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
> > Checking `w55808'... not infected
> > Checking `wted'... nothing deleted
> > Checking `scalper'... not infected
> > Checking `slapper'... not infected
> >
> > What is this sniffer thing and does it matter ?
>
> Packet sniffer. If you are running an Intrusion Detection System
> like portsentry or Snort, that would account for the detection of
> a packet sniffer as IDS's have to sniff packets to detect
> intrusions.

Thanks Bryan and Avi, but I'm running snort or portsentry or
anything. So where does this "sniffer" come from ? - To me it
sounds pretty much like one of those thousands of Windows-spyware
malignancies. Never thought a Linux system could get one, but
maybe I'll have to think again ?
Kaj Haulrich.
--
*sent from a 100% Microsoft-free workstation*
* http://haulrich.net *
*Running Linux (Mandrake 10.1) - kernel 2.6.8*
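
One way to check which process holds the packet socket that chkrootkit's sniffer test reports, as an added example that is not part of the original messages. It assumes the Linux `/proc/net/packet` column layout (protocol in hex, interface index, inode in the ninth column); the sample table, pids and function names are constructed for illustration.

```python
import os
import re

# Constructed sample in the /proc/net/packet layout; not taken from the thread.
SAMPLE_TABLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
c1a2b3c0 3      2    0800   2     1 0      0      4711
c1a2b7e0 3      3    0003   2     1 0      0      5822
"""
# Constructed {pid: [fd symlink targets]} map, shaped like read_fd_links() output.
SAMPLE_FDS = {812: ["/dev/null", "socket:[4711]"], 1: ["socket:[99]"]}

def parse_packet_table(text):
    """Return (ifindex, protocol, inode) per PF_PACKET socket; header skipped."""
    fields = (line.split() for line in text.splitlines()[1:])
    return [(int(f[4]), int(f[3], 16), int(f[8])) for f in fields if len(f) >= 9]

def owners_by_inode(fd_links):
    """Invert {pid: [targets]} into {socket inode: sorted pids}."""
    owners = {}
    for pid, targets in fd_links.items():
        for target in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(pid)
    return {inode: sorted(pids) for inode, pids in owners.items()}

def read_fd_links():
    """Read every process's fd symlinks from /proc (run as root to see all)."""
    links = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        targets = []
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                targets.append(os.readlink(f"/proc/{pid}/fd/{fd}"))
        except OSError:  # process exited, fd closed, or permission denied
            pass
        links[int(pid)] = targets
    return links

def attribute(text, fd_links):
    """Pair each packet socket with its owning pids; [] means no owner found."""
    owners = owners_by_inode(fd_links)
    return [(ifx, hex(proto), owners.get(ino, [])) for ifx, proto, ino in parse_packet_table(text)]

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        for row in attribute(fh.read(), read_fd_links()):
            print(row)
```

An empty pid list for a socket means no process readable by the current user holds it; rerun as root, then compare `/proc/<pid>/exe` for each listed pid against the binary named in the chkrootkit line.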