I recently did a fresh install of 7.3 on this system and included all security updates from scratch. Today I decided to run chkrootkit and found that it reported that eth0 wasn't in promiscuous mode. Since I'm running snort, and see in /var/log/messages lines like "eth0 entered promiscuous mode" I was a bit worried.
I ran tcpdump -i eth0 and did ifconfig and sure enough, PROMISC wasn't
I reinstalled net-tools.rpm, but still no PROMISC. It's difficult to believe that this is the work of a hacker, since the entries are made into messages, and since the problem was still there after a reinstall of net-tools I
Hi,
I have noticed exactly the same behaviour in chkrootkit.
Running tcpdump while chkrootkit ran it did *not* report promiscuous mode.
Greetz
johnvD.
----- Original Message -----
From: Anders Johansson
it would have to be a kernel problem and any kernel modification would surely remove log messages as well as proc entries
I've tested it on two separate systems, both running 7.3, one running k_deflt 2.4.16 and one running k_deflt 2.4.17-69 (from mantel)
Is anyone else seeing this?
file://Anders
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here