Re: chkrootkit sniffers

To: debian-security@lists.debian.org
Subject: Re: chkrootkit sniffers
From: Christian Schuerer <debian.lists@quincunx.at>
Date: Fri, 11 Aug 2006 10:16:33 +0200
Message-id: <[🔎] 200608111016.33282.debian.lists@quincunx.at>
In-reply-to: <[🔎] ebg82v7bq0@mids.svenhartge.de>
References: <[🔎] 44DB8D80.9020902@fgeek.fi> <[🔎] ebg82v7bq0@mids.svenhartge.de>

On Thursday 10 August 2006 23:23, Sven Hartge wrote:
> Um 22:48 Uhr am 10.08.06 schrieb Henri Salo:
> > I am running Debian stable (kernel 2.6.8-2) chkrootkit version 0.44 with
> > command chkrootkit and it gives me:
> >
> > Checking `sniffer'... lo: PACKET SNIFFER(/sbin/dhclient[29148])
> > eth0: PACKET SNIFFER(/sbin/dhclient[29148], /sbin/dhclient[29307])
> > eth1: PACKET SNIFFER(/sbin/dhclient[29148])
> >
> > is that serious?
>
> No. Both dhclient and dhcpd are known false positives.
>
> You should of course check, if those processes are _really_ a dhclient.

Isn't it strange that there is an DHCP client running on lo? I don't get the 
point of doing that.

Regards,

   Christian

Reply to:

Follow-Ups:
- Re: chkrootkit sniffers
  - From: "Izak Burger" <isburger@gmail.com>

References:
- chkrootkit sniffers
  - From: Henri Salo <fgeek@fgeek.fi>
- Re: chkrootkit sniffers
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: chkrootkit sniffers
Next by Date: Re: chkrootkit sniffers
Previous by thread: Re: chkrootkit sniffers
Next by thread: Re: chkrootkit sniffers
Index(es):
- Date
- Thread