Hello,

the daily security-check-script on one of our SuSE 8.0-servers has reported something that is being called "af_packet".

I have never heard this before and would like to ask if someone on the list knows what this means.

Maybe this is a trojan or something like that?

Greetings, Gunther

Changes in your daily security configuration of linux:

OLD: /var/lib/secchk/security-report-daily Fri Jul 19 00:00:00 2002
NEW: /var/lib/secchk/security-report-daily.new Tue Jul 23 00:00:01 2002

* Changes (+: new entries, -: removed entries):
+ af_packet

+ Connectivity & Colocation @ www.rackbase.de +
-----------------------------------------------
Mainlab GmbH
Sachsenhäuser Landwehrweg 236
60598 Frankfurt am Main
Tel. / Fax: 0700-2MAINLAB (0700-26246522)
Email: info@mainlab.de
Web: www.mainlab.de
Hello,

Last week I had asked the same question. Olaf Kirch from Suse wrote that it could come from programs like tcpdump. However, I have not used such programs.

My English is not so good. I know.

Greetings
Mario
-----Original Message----- From: Gunther Stammwitz [mailto:gstammw@gmx.net] Sent: Tuesday, July 23, 2002 2:39 PM To: suse-security@suse.com Subject: [suse-security] af-packet ??
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hello Mario,

thanks for your reply. I didn't see the post last week - so I must have overlooked it.

Is there a way to find out which programs could have triggered af_packet? Does one know if matt's traceroute (mtr) uses af_packet?

Bye, Gunther

-----Original Message----- From: M. Neubert [mailto:mario_neubert@gmx.de] Sent: Tuesday, July 23, 2002 15:09 To: 'Gunther Stammwitz'; suse-security@suse.com Subject: RE: [suse-security] af-packet ??

Hello,

Last week I had asked the same question. Olaf Kirch from Suse wrote that it could come from programs like tcpdump. However, I have not used such programs.

My English is not so good. I know.

Greetings
Mario
Hello Gunther,

to find out which programs could use the af_packet module, you can start the program you suspect and then run lsmod|grep af_packet.

Mario
-----Original Message----- From: Gunther Stammwitz [mailto:gstammw@gmx.net] Sent: Tuesday, July 23, 2002 3:51 PM To: M. Neubert; suse-security@suse.com Subject: AW: [suse-security] af-packet ??
Gunther Stammwitz wrote:
something that is being called "af_packet".
I have never heard this before and would like to ask if someone on the list knows what this means.

It is a standard Linux module. I don't know exactly what it does but when I tried to build a minimal SuSE autoinstall disk, without af_packet the DHCP client wouldn't get an address so it seems to have something to do with very basic networking.

Kevin

--
 _                | Kevin Ivory          | Tel: +49-551-37000041
|_     |\ |       | Service Network GmbH | Fax: +49-551-3700009
._|ER  | \|ET     | Bahnhofsallee 1b     | mailto:Ivory@SerNet.de
Service Network   | 37081 Goettingen     | http://www.SerNet.de/
Hi,

af_packet (where af stands for Address Family) is a low level packet interface and is for example used by sniffers like Ethereal, tcpdump...

HTH
Christoph

23.7.2002 16:45:54, Kevin Ivory <Ivory@SerNet.DE> wrote:
Gunther Stammwitz wrote:
something that is being called "af_packet".
I have never heard this before and would like to ask if someone on the list knows what this means.

--
  .-.                            Ruhr-Universitaet Bochum
  /v\       L I N U X            Lehrstuhl fuer Biophysik
 // \\  >Penguin Computing<      c/o Christoph Wegener
/(   )\                          Gebaeude ND 04/Nord
 ^^-^^                           D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754
Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de
http://www.bph.ruhr-uni-bochum.de
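On the question raised in the thread of which programs are using af_packet: lsmod only shows that the module is loaded, so the following added example (not code from any poster or from SuSE) joins /proc/net/packet with the per-process fd links to name the processes holding packet sockets. It assumes the /proc/net/packet column layout of current Linux kernels; the function names are hypothetical.

```python
# Added example: helper names are hypothetical; assumes the /proc/net/packet
# column layout (sk RefCnt Type Proto Iface R Rmem User Inode) of current kernels.
import os
import re

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW", 10: "SOCK_PACKET"}

def parse_proc_net_packet(text):
    """Return one dict per packet socket listed in /proc/net/packet."""
    sockets = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 9:
            continue                            # skip blank or truncated lines
        sockets.append({
            "type": SOCK_TYPES.get(int(fields[2]), fields[2]),
            "proto": int(fields[3], 16),        # EtherType; 0x0003 is ETH_P_ALL
            "ifindex": int(fields[4]),          # 0 means not bound to one interface
            "uid": int(fields[7]),
            "inode": int(fields[8]),
        })
    return sockets

def socket_owners(proc_root="/proc"):
    """Map socket inode -> set of (pid, command name) by reading fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                comm = f.read().strip()
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue                            # process exited or access denied
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add((int(pid), comm))
    return owners

def packet_socket_report(proc_root="/proc"):
    """Return the packet sockets with their owning processes attached."""
    with open(os.path.join(proc_root, "net", "packet")) as f:
        sockets = parse_proc_net_packet(f.read())
    owners = socket_owners(proc_root)
    return [dict(s, owners=sorted(owners.get(s["inode"], ()))) for s in sockets]

if __name__ == "__main__":
    for entry in packet_socket_report():        # run as root to see every process
        print(entry)
```

A packet socket with an empty owners list means the holder's fd table was not readable, typically because the script was not run as root.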
participants (4)
- Christoph Wegener
- Gunther Stammwitz
- Kevin Ivory
- M. Neubert