Re: chkrootkit sniffers
On Thursday 10 August 2006 23:23, Sven Hartge wrote:
> Um 22:48 Uhr am 10.08.06 schrieb Henri Salo:
> > I am running Debian stable (kernel 2.6.8-2) chkrootkit version 0.44 with
> > command chkrootkit and it gives me:
> > Checking `sniffer'... lo: PACKET SNIFFER(/sbin/dhclient)
> > eth0: PACKET SNIFFER(/sbin/dhclient, /sbin/dhclient)
> > eth1: PACKET SNIFFER(/sbin/dhclient)
> > is that serious?
> No. Both dhclient and dhcpd are known false positives.
> You should of course check, if those processes are _really_ a dhclient.
Isn't it strange that there is an DHCP client running on lo? I don't get the
point of doing that.