Re: chkrootkit response



On Tuesday 14 February 2006 07:27, Paul Dwerryhouse wrote:
>On Tue, Feb 14, 2006 at 02:46:48AM -0500, Stephen wrote:
>> Is this a valid response or false positive ?
>>
>> /etc/cron.daily/chkrootkit:
>> eth0: PACKET SNIFFER(/sbin/dhclient[1102])
>
>False positive; it's because that program has your ethernet interface
> in promiscuous mode. For dhclient, this is completely normal, it
> needs to do this to function correctly.

The machine I got that sample response from in the last post doesn't
have a utility named dhclient on it, so I cannot confirm that this is
correct.  It probably is, though.

Friggin vz blocks port 80 so we can't run our own web pages.  And they 
are the only game in town...:(

>Cheers,
>
>Paul
>
>--
>Paul Dwerryhouse    | PGP Key ID: 0x6B91B584
>======================================================================
>== Installing Debian Sarge with software RAID:
>http://nepotismia.com/debian/raidinstall/

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
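
An added example, not part of the original thread and not chkrootkit's own code: a small triage script for the "PACKET SNIFFER" line quoted above. The allow-list, the comma-separated multi-process form, and the second sample line are assumptions constructed for illustration.

```python
import os
import re

# Binaries expected to hold a packet socket on this host (assumed allow-list;
# adjust per machine). dhclient is the case discussed in the thread.
EXPECTED = {"/sbin/dhclient"}

LINE_RE = re.compile(r"^(?P<iface>\S+): PACKET SNIFFER\((?P<procs>.*)\)\s*$")
PROC_RE = re.compile(r"^(?P<path>.+)\[(?P<pid>\d+)\]$")

def parse_report(text):
    """Yield (iface, path, pid) for each process named in PACKET SNIFFER lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group("procs").split(","):
            p = PROC_RE.match(entry.strip())
            if p:
                yield m.group("iface"), p.group("path"), int(p.group("pid"))

def triage(text, expected=EXPECTED):
    """Split findings into (expected, needs_review) lists."""
    ok, review = [], []
    for finding in parse_report(text):
        (ok if finding[1] in expected else review).append(finding)
    return ok, review

def exe_matches(path, pid):
    """True/False if /proc/<pid>/exe does/doesn't resolve to path; None if unreadable."""
    try:
        return os.readlink(f"/proc/{pid}/exe") == path
    except OSError:
        return None

# Constructed sample: first finding is the line from the thread, the second
# line is made up to show an entry that is not on the allow-list.
SAMPLE = """\
/etc/cron.daily/chkrootkit:
eth0: PACKET SNIFFER(/sbin/dhclient[1102])
eth1: PACKET SNIFFER(/sbin/dhclient[1130], /tmp/.x/capture[4711])
"""

if __name__ == "__main__":
    ok, review = triage(SAMPLE)
    for iface, path, pid in ok:
        print(f"expected: {iface} {path} pid={pid} exe_ok={exe_matches(path, pid)}")
    for iface, path, pid in review:
        print(f"REVIEW:   {iface} {path} pid={pid}")
```

A name on the allow-list is only a first filter: exe_matches() checks that the live PID really runs the reported binary, and the binary itself can be checked against the package's recorded checksums.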