* martin f krafft (madduck@debian.org) [030704 03:59]: > also sprach Vineet Kumar <debian-user@virtual.doorstop.net> [2003.07.03.2026 +0200]: > > My next suspicion is that although tcpdump itself is fine, libpcap > > may be screwy. I have libpcap0.7 0.7.2-1 here. > > You got it. Now either my libpcap got trojaned, or corrupted. How > can I find out? The MD5sum is different, the size is identical. Not sure. The only libpcap vulnerability I remember hearing about was a compile-time trojan (IIRC). It sounds very strange, though, that a corrupted file would still be a valid and that ldd would give sane results instead of crapping out completely. Although, I guess if the magic numbers and some headers are correct, ldd could do its thing. It could have somehow gotten crossed up with another library which does depend on libaviplaydha.so? > And to be honest: I highly doubt that someone got into this system. > It's not on a network and locked in my office... Not on a network? So what do you need tcpdump for? ;-) good times, Vineet -- http://www.doorstop.net/ -- "Extremism in the defense of liberty is no vice. Moderation in the pursuit of justice is no virtue." -- Barry Goldwater
Attachment:
signature.asc
Description: Digital signature