Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
promisuous or not?
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 28 Feb 2002 03:37:20 +0100
  • Message-id: <200202280337.20365.andjoh@xxxxxxxxxxxxxxxxxxxxx>
I recently did a fresh install of 7.3 on this system and included all security
updates from scratch. Today I decided to run chkrootkit and found that it
reported that eth0 wasn't in promiscuous mode. Since I'm running snort, and
see in /var/log/messages lines like "eth0 entered promiscuous mode" I was a
bit worried.

I ran tcpdump -i eth0 and did ifconfig and sure enough, PROMISC wasn't there.
I reinstalled net-tools.rpm, but still no PROMISC. It's difficult to believe
that this is the work of a hacker, since the entries are made into messages,
and since the problem was still there after a reinstall of net-tools I think
it would have to be a kernel problem and any kernel modification would surely
remove log messages as well as proc entries

I've tested it on two separate systems, both running 7.3, one running k_deflt
2.4.16 and one running k_deflt 2.4.17-69 (from mantel)

Is anyone else seeing this?

//Anders

< Previous Next >