* Bráulio Weimann Gergull (gergull@getnet.com.br) [020407 09:17]:
I started a tcpdump session and ran the ifconfig command to see if it returns the string "PROMISC" in the command's output. There's nothing there showing me this mode of operation.
This has been broken in ifconfig for a while due to an api change in the kernel. '/usr/sbin/ip link' gives the correct information.
--
-ckm
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here Well this is some great information. I have been trying to see this output too. If this is broke, doesn't that make
On Sun, Apr 07, 2002 at 11:54:19AM -0700, Christopher Mahmood beat on the keyboard: things a little hard for tracking down script kiddies. I have been doing some work for a company, who has had two Redhat boxes (trying to convince them to switch to SuSE) compromised. I have been checking my box out, and am running snort, so I know it is in promisc, but ifconfig wouldn't show it. I have run chkrootkit, and that says it is not promisc, yet it is running in promisc. I don't like this. What other ways can I be sure that my box has not been compromised? I have run adorefind, negative, chkrootkit, all negative. Are there any other auditing tools to check with? I have run rpm -Va. My system is completely up to date with security patches. Thanks. -- _ _ __ _____ _____ ___| |_ | '__| / __\ \ /\ / / _ \/ _ \ __| -o) | | _ \__ \\ V V / __/ __/ |_ /\\ |_|(_) |___/ \_/\_/ \___|\___|\__|_\_v rsweet@garagenetworks.net "unix soit qui mal y pense."