
Re: ifconfig doesn't report Promiscuous interfaces



On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed wrote:
> 
> >>>>> "marlonsj" == marlonsj  <iso-8859-1> writes:
>     marlonsj>  Hi, Are you sure that this machine wasn't compromised ???
>     marlonsj> 
> 
> Absolutely.
> 
> I get the same behaviour from ifconfig on another sid machine (this one
> is behind my firewall, and the firewall is the sid machine I wrote about
> in my earlier email).

Of course, if your firewall was compromised, it wouldn't be surprising if
both machines were compromised..

> 
> Both machines are running 2.4.2 with latest sid. Unfortunately, I don't
> have access to a potato system, otherwise I would verify the behaviour
> of ifconfig under potato.
> 
> Here is the result of running debsums on net-tools:
> 
<snip>
> 
> -- 
> Salman Ahmed
> ssahmed AT pathcom DOT com
> 

I tried this on a 2.4.2 box:

[dilinger@incandescent dilinger]$ uname -a; dpkg -l net-tools; ifconfig
Linux incandescent 2.4.2 #1 Thu Feb 22 00:47:50 EST 2001 i686 unknown
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name               Version            Description
+++-==================-==================-====================================================
ii  net-tools          1.58-2             The NET-3 networking toolkit
eth0      Link encap:Ethernet  HWaddr 00:50:BA:D8:1A:16
          inet addr:128.113.199.230  Bcast:128.113.207.255  Mask:255.255.240.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:55250302 errors:52 dropped:36 overruns:24 frame:48
          TX packets:83231995 errors:4 dropped:16 overruns:1 carrier:4
          collisions:16583515 txqueuelen:100
          RX bytes:2476298939 (2361.5 Mb)  TX bytes:2874629386 (2741.4 Mb)
          Interrupt:10 Base address:0x8f00



Unfortunately, I haven't had the chance to play w/ knark yet, but I assume
recompiling a kernel w/ modules support disabled would allow you to detect
if the root kit is installed..




-- 
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
        -- found in the .sig of Rob Riggs, rriggs@tesser.com


