On Sun, 28 Sep 2003, Bopolissimus Platypus wrote:
> however. if eth0 is in promisc mode and you don't know why, and if
> one of your people didn't put it in promisc mode then you are probably
> rooted.
Uh oh!
Well, actually, I used sniffit a few times. I believe a packet sniffer
puts eth0 into promiscuous mode.
But I noticed something weird. I found out that eth0 was in promiscuous
mode because I ran chkrootkit-0.42a. When I run version 0.41, however, it
says eth0 is NOT in promiscuous mode.
Also, I used the ifconfig command you suggested, and version 0.42a says it
still IS in promiscuous mode while version 0.41 says it is NOT.
Finally, I used it on my home system which has not connected to the
Internet in over two months, and I get the same results. But I also get a
whole lot of "debugging" messages (more like a list of environment
variables) when I run version 0.42a. No problem with version 0.41 though.
Is there any other utility I can use to see if eth0 is in promiscuous mode?
I guess chkrootkit won't cut it this time.
God bless!
--[Manny [EMAIL PROTECTED]
Member: Philippine League for Democratic Telecommunications
"Affordable Access for All"
--[Open Minds Philippines]--------------------[openminds.linux.org.ph]--
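
One way to check the flag without chkrootkit or ifconfig, as an added example that is not part of the original post: on Linux kernels that expose sysfs, read each interface's flags from /sys/class/net/<iface>/flags and test the IFF_PROMISC bit (0x100). The function names and the sample flag values below are constructed for illustration.

```shell
#!/bin/sh
# IFF_PROMISC as defined in <linux/if.h> (0x100).
IFF_PROMISC=256

# flags_promisc FLAGS -> exit status 0 if the promiscuous bit is set.
# FLAGS is the hex string found in a sysfs "flags" file, e.g. 0x1103.
flags_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [DIR] -> print the name of every interface under DIR
# (default /sys/class/net) whose flags have IFF_PROMISC set.
promisc_ifaces() {
    net_dir=${1:-/sys/class/net}
    for f in "$net_dir"/*/flags; do
        [ -r "$f" ] || continue
        flags=$(cat "$f")
        if flags_promisc "$flags"; then
            basename "$(dirname "$f")"
        fi
    done
}

# Constructed sample tree that mimics /sys/class/net, so the check can be
# exercised offline. The flag values are made up for this example:
#   0x9    = UP|LOOPBACK
#   0x1003 = UP|BROADCAST|MULTICAST
#   0x1103 = the same with IFF_PROMISC added
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/lo" "$d/eth0" "$d/eth1"
    echo 0x9    > "$d/lo/flags"
    echo 0x1103 > "$d/eth0/flags"
    echo 0x1003 > "$d/eth1/flags"
    echo "$d"
}

sample=$(make_sample_tree)
echo "Promiscuous interfaces in constructed sample:"
promisc_ifaces "$sample"
rm -rf "$sample"
```

On a live system, call promisc_ifaces with no argument so it reads /sys/class/net directly.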