Hello Gunther, to find out which programs could use the af_packet module, you can start the program you suppose and then make a lsmod|grep af_packet. Mario
-----Original Message----- From: Gunther Stammwitz [mailto:gstammw@gmx.net] Sent: Tuesday, July 23, 2002 3:51 PM To: M. Neubert; suse-security@suse.com Subject: AW: [suse-security] af-packet ??
Hello Mario,
thanks for your reply. I didn't see the post last week - so I must have overlooked it.
Is there a way to find our which programs could have triggered af_packet ? Does one know if matt's traceroute (mtr) uses af_packet ?
Bye, Gunther
-----Ursprüngliche Nachricht----- Von: M. Neubert [mailto:mario_neubert@gmx.de] Gesendet: Dienstag, 23. Juli 2002 15:09 An: 'Gunther Stammwitz'; suse-security@suse.com Betreff: RE: [suse-security] af-packet ??
Hello,
Last week I had asked the same question. Olaf Kirch from Suse wrote, that could come it by programs as well as tcpdump. I not however used such programs.
My English is not so good. I know.
Greetings Mario
-----Original Message----- From: Gunther Stammwitz [mailto:gstammw@gmx.net] Sent: Tuesday, July 23, 2002 2:39 PM To: suse-security@suse.com Subject: [suse-security] af-packet ??
Hello,
the daily security-check-script on one of our SuSE 8.0-servers has reported something that is being called "af_packet".
I have never heared this before and would like to ask if someone on the list knows what this means.
Maybe this is a trojan or something like that ?
Greetings, Gunther
Changes in your daily security configuration of linux:
OLD: /var/lib/secchk/security-report-daily Fri Jul 19 00:00:00 2002 NEW: /var/lib/secchk/security-report-daily.new Tue Jul 23 00:00:01 2002
* Changes (+: new entries, -: removed entries): + af_packet
+ Connectivity & Colocation @ www.rackbase.de + ----------------------------------------------- Mainlab GmbH Sachsenhäuser Landwehrweg 236 60598 Frankfurt am Main Tel. / Fax: 0700-2MAINLAB (0700-26246522) Email: info@mainlab.de Web: www.mainlab.de
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here