Re: ifconfig doesn't report Promiscuous interfaces
>>>>> "Andres" == Andres Salomon <dilinger@mp3revolution.net> writes:
Andres> On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed
Andres> wrote:
Andres> Of course, if your firewall was compromised, it wouldn't be
Andres> suprising if both machines were compromised..
Andres>
Andres> Unfortunately, I haven't had the change to play w/ knark
Andres> yet, but I assume recompiling a kernel w/ modules support
Andres> disabled would allow you to detect if the root kit is
Andres> installed..
Andres>
Andres,
I recompiled 2.4.2 and this time I disabled all support for modules
(CONFIG_MODULES was not set). I booted this 2.4.2 kernel, and I still
get the same behaviour. When running either tcpdump or snort, ifconfig
still doesn't report the interface as being Promiscuous.
I found a program called knarkfinder.c that's supposed to check for the
knark rootkit, but the one I found doesn't compile with 2.4.2.
Any other ways I can try and detect this rootkit on my systems ?
Thanks.
--
Salman Ahmed
ssahmed AT pathcom DOT com
Reply to: