
Re: ifconfig doesn't report Promiscuous interfaces



>>>>> "Andres" == Andres Salomon <dilinger@mp3revolution.net> writes:
    Andres>  On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed
    Andres> wrote:
    Andres>  Of course, if your firewall was compromised, it wouldn't be
    Andres> surprising if both machines were compromised..
    Andres> 
    Andres> Unfortunately, I haven't had the chance to play w/ knark
    Andres> yet, but I assume recompiling a kernel w/ modules support
    Andres> disabled would allow you to detect if the root kit is
    Andres> installed..
    Andres> 

Andres,

I recompiled 2.4.2 and this time I disabled all support for modules
(CONFIG_MODULES was not set). I booted this 2.4.2 kernel, and I still
get the same behaviour. When running either tcpdump or snort, ifconfig
still doesn't report the interface as being Promiscuous.

I found a program called knarkfinder.c that's supposed to check for the
knark rootkit, but the one I found doesn't compile with 2.4.2.

Any other ways I can try and detect this rootkit on my systems?

Thanks.

-- 
Salman Ahmed
ssahmed AT pathcom DOT com


