Kaj Haulrich wrote:
On Tuesday 04 January 2005 15:07, Bryan Phinney wrote:
On Tuesday 04 January 2005 08:20, Kaj Haulrich wrote:
When doing a chkrootkit everything looks fine except this :
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Checking `w55808'... not infected
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
What is this sniffer thing and does it matter ?
Packet sniffer. If you are running an Intrusion Detection System
like portsentry or Snort, that would account for the detection of
a packet sniffer as IDS's have to sniff packet to detect
intrusions.
Thanks Bryan and Avi, but I'm running snort or portsentry or
anything. So where does this "sniffer" come from ? - To me it
sounds pretty much like one of those thousands of Windows-spyware
malignancies. Never thought a Linux system could get one, but
maybe I'll have to think again ?
Please re-read my previous email, but if you prefer, also check the following:
http://lists.debian.org/debian-user/2004/01/msg05013.html
Avi
--
Avi Schwartz
http://public.xdi.org/=avi.schwartz
When you have robbed a man of everything, he is no longer in your power. He is
free again.
-- Alexander Solzhenitsyn
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________