Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] promisuous or not?
I just ran chkrootkit yesterday and neither of my NICs was reported as being in promiscuous mode. I am not running Snort though. I have the 2.4.16 kernel.


02/27/02 08:37:20 PM, Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx> wrote:

>I recently did a fresh install of 7.3 on this system and included all security
>updates from scratch. Today I decided to run chkrootkit and found that it
>reported that eth0 wasn't in promiscuous mode. Since I'm running snort, and
>see in /var/log/messages lines like "eth0 entered promiscuous mode" I was a
>bit worried.
>I ran tcpdump -i eth0 and did ifconfig and sure enough, PROMISC wasn't there.
>I reinstalled net-tools.rpm, but still no PROMISC. It's difficult to believe
>that this is the work of a hacker, since the entries are made into messages,
>and since the problem was still there after a reinstall of net-tools I think
>it would have to be a kernel problem and any kernel modification would surely
>remove log messages as well as proc entries
>I've tested it on two separate systems, both running 7.3, one running k_deflt
>2.4.16 and one running k_deflt 2.4.17-69 (from mantel)
>Is anyone else seeing this?
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >