warning on tcpdump and libcap I've just recieved the following, don't know if its true !
>Hi, > >Apparently libpcap and tcpdump have been trojaned, in a similar way to >openssh earlier this year. Information about how long this has been the >case is sketchy. Trojaned versions appear to have made it out to a >number of mirrors. > >Further details can be found at http://hlug.fscker.com (mirror >http://www2.def-con.org/mirror/hlug.fscker.com/ appears to work). > >The tarballs available at www.tcpdump.org appear to still be trojaned. > >Good sources: >http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/libpcap-0.7 >.1.tar.gz >http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.6 >.2.tar.gz >http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.7 >.1.tar.gz > >MD5 Sum 0597c23e3496a5c108097b2a0f1bd0c7 libpcap-0.7.1.tar.gz >MD5 Sum 6bc8da35f9eed4e675bfdf04ce312248 tcpdump-3.6.2.tar.gz >MD5 Sum 03e5eac68c65b7e6ce8da03b0b0b225e tcpdump-3.7.1.tar.gz > >Trojaned sources: >http://www.tcpdump.org/release/libpcap-0.7.1.tar.gz >http://www.tcpdump.org/release/tcpdump-3.6.2.tar.gz >http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz > >MD5 Sum 73ba7af963aff7c9e23fa1308a793dca libpcap-0.7.1.tar.gz >MD5 Sum 3a1c2dd3471486f9c7df87029bf2f1e9 tcpdump-3.6.2.tar.gz >MD5 Sum 3c410d8434e63fb3931fe77328e4dd88 tcpdump-3.7.1.tar.gz > >The program connects to 212.146.0.34 (mars.raketti.net) on port 1963 >when the configure script is run. Sites with logs of network traffic >may wish to check for connections to this IP over recent days. > >We would be interested in hearing about any machines found to be >compromised using this route. > >Regards
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com