Mailinglist Archive: opensuse-security (141 mails)

Re: [suse-security] strange kernel message.
  • From: Mirek Szymczak <mirek@xxxxxxxxxxxxxxxxx>
  • Date: Mon, 13 Dec 1999 13:09:32 +0100 (MET)
  • Message-id: <Pine.LNX.3.96.991213130739.10942B-100000@xxxxxxxxxxxxxxxxxxxxxxxxx>
First of all, thank you all for the prompt answer. Can't this mean
something else? Recently I was playing around with tcpdump; can't this be
the reason?
Mirek

On Mon, 13 Dec 1999, Maximillian Jahn wrote:

> Date: Mon, 13 Dec 1999 13:02:24 +0100
> From: Maximillian Jahn <h9302299@xxxxxxxxxxxxxxxxxxxxx>
> To: suse-security@xxxxxxxx
> Cc: Mirek Szymczak <mirek@xxxxxxxxxxxxxxxxx>
> Subject: Re: [suse-security] strange kernel message.
>
> On Mon, 13 Dec 1999, you wrote:
> > This is not a good thing, Mirek. Someone or some program set up your network
> > card so that it can now be sniffed. ALL non-encrypted information passing
> > through your card, including passwords, is now able to be read by a
> > third party. I hear a reboot can set it back to be non-promiscuous... but if
> > you have been exploited, rebooting can do more harm than good. Check the
> > integrity of your login binary... and other items. It's quite possible you
> > have been exploited by a script kiddie.
> > They may have even installed a "root kit". Here is the readme for Linux
> > RootKit 3.
>
> Promiscuous mode does not mean the card can be sniffed, but that it IS
> sniffing... it is pretty obvious that your box has been cracked. I hope you set
> up tripwire before you connected the box to the net, else you probably should
> do a whole new setup; as Chrissy LeMaire showed, there are quite a lot of trojans
> around :(
>
> --
> #!/usr/bin/perl
> # Maximillian Jahn
> # h9302299@xxxxxxxxxxxxxxxxxxxxx
>
>
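
The check below is an added example, not part of the original thread: it lists the interfaces the kernel currently holds in promiscuous mode, which is the state the replies above are discussing. It assumes a Linux system with sysfs (newer than the 1999 kernels in this thread); the function names and the sample flag values in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report interfaces whose kernel flags word has IFF_PROMISC set.
# Assumption: sysfs is mounted and exposes /sys/class/net/<iface>/flags as hex.

IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# is_promisc FLAGS
# Succeeds (exit 0) when the hex flags word, e.g. 0x1103, has IFF_PROMISC set.
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [SYSFS_NET_DIR]
# Prints one interface name per line for every interface in promiscuous mode.
# The directory argument exists so the check can be run against a copy.
promisc_ifaces() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue                 # no interfaces or unreadable
        flags=$(cat "$f") || continue
        case $flags in
            0x[0-9a-fA-F]*) ;;                  # expected form, e.g. 0x1103
            *) continue ;;                      # skip anything unexpected
        esac
        if is_promisc "$flags"; then
            iface=${f%/flags}                   # strip trailing /flags
            echo "${iface##*/}"                 # keep only the interface name
        fi
    done
    return 0
}

# Print the interfaces that are promiscuous right now on this host.
promisc_ifaces
```

A capture tool such as tcpdump sets this flag for as long as it runs unless it is started with -p, so an interface that shows up here while a capture is active clears again when the capture stops.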

