Re: chkrootkit response
On Tuesday 14 February 2006 02:46, Stephen wrote:
>Is this a valid response or false positive ?
>eth0: PACKET SNIFFER(/sbin/dhclient)
I believe that's a valid response unless you were running tcpdump at the
time it scanned your system. I'd certainly worry about it, and
wouldn't rest till I found that puppy.
A normal situation looks like this in the chkrootkit output:
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth1: not promisc and no PF_PACKET sockets
You may not have the 2nd ethernet card. I'm paranoid and run iptables to
connect the two: one faces the router and through it the internet via a
dsl connection, the other faces a switch that the rest of my home
network uses for a hub. I've had 3 knocks on the door make it to the
logs in 3 years, and that's as far as they got since that box also runs
tcpwrappers and portsentry, which can be pretty vicious guard dogs if
Some cracker has got to get thru 2 NAT's & a MASQUERADE to make it that
>Thanks, I'm not subscribed so would appreciate a direct response.
>+++++++++++ Wagner's music is better than it sounds.
> -- Mark Twain
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
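
One way to see which process holds a PF_PACKET socket like the one chkrootkit reports in the thread above, as an added example that is not part of the original message and is not chkrootkit's own code: it parses Linux's /proc/net/packet and matches socket inodes against the /proc/<pid>/fd links. The sample table, inode numbers and function names are constructed for illustration.

```python
import os
import re

# Constructed sample in the layout of Linux /proc/net/packet (not from the post).
SAMPLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800b6c1a000 3      3    0003   2     1 0      0      12345
ffff8800b6c1b000 3      2    0800   3     1 0      0      23456
"""

def packet_sockets(text):
    """Parse /proc/net/packet text: one dict per open PF_PACKET socket."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 9:
            rows.append({"proto": int(f[3], 16),   # EtherType, 0x0003 = all frames
                         "ifindex": int(f[4]),     # 0 = not bound to one interface
                         "inode": int(f[8])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, exe)] by reading <proc_root>/<pid>/fd links."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            exe = os.readlink(os.path.join(base, "exe"))
            links = [os.readlink(os.path.join(base, "fd", fd))
                     for fd in os.listdir(os.path.join(base, "fd"))]
        except OSError:
            continue  # process exited, or not readable without root
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), []).append((int(pid), exe))
    return owners

def report(text, owners):
    """Join both views; a socket with no visible owner is listed as unknown."""
    out = []
    for s in packet_sockets(text):
        for pid, exe in owners.get(s["inode"], [(None, "unknown")]):
            out.append((s["ifindex"], hex(s["proto"]), pid, exe))
    return out

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        for row in report(fh.read(), socket_owners()):
            print(row)
```

Run it as root so that other users' processes are readable; a row whose owner stays "unknown" under root is the one to chase first.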