Re: chkrootkit response (OT)

To: debian-user@lists.debian.org
Subject: Re: chkrootkit response (OT)
From: Brad Sawatzky <brad+debian@swatter.net>
Date: Tue, 14 Feb 2006 14:58:40 -0500
Message-id: <[🔎] 20060214195840.GA4011@dragon.swatter.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200602141031.20329.gene.heskett@verizon.net>
References: <[🔎] 20060214074648.GA25800@localhost> <[🔎] 20060214122727.GA7036@dwerryhouse.com.au> <[🔎] 200602141031.20329.gene.heskett@verizon.net>

On Tue, 14 Feb 2006, Gene Heskett wrote:

> On Tuesday 14 February 2006 07:27, Paul Dwerryhouse wrote:
> >On Tue, Feb 14, 2006 at 02:46:48AM -0500, Stephen wrote:
> >> Is this a valid response or false positive ?
> >>
> >> /etc/cron.daily/chkrootkit:
> >> eth0: PACKET SNIFFER(/sbin/dhclient[1102])
> >
> >False positive; it's because that program has your ethernet interface
> > in promiscuous mode. For dhclient, this is completely normal, it
> > needs to do this to function correctly.
> 
> The machine I got that sample response from in the last post, doesn't 
> have a utility named dhclient on it, so I cannot confirm that this is 
> correct.  It probably is though.
> 
> Friggin vz blocks port 80 so we can't run our own web pages.  And they 
> are the only game in town...:(

FYI, try DynDNS's WebHop <http://www.dyndns.com/services/webredirect/webhop/> 
to get around ISP's brain-damaged port blocks.  It's free and it works
great!

-- Brad

Reply to:

Follow-Ups:
- Re: chkrootkit response (OT)
  - From: Gene Heskett <gene.heskett@verizon.net>

References:
- chkrootkit response
  - From: Stephen <stephen.d.allen@gmail.com>
- Re: chkrootkit response
  - From: Paul Dwerryhouse <paul@dwerryhouse.com.au>
- Re: chkrootkit response
  - From: Gene Heskett <gene.heskett@verizon.net>

Prev by Date: Re: Routing problem
Next by Date: Re: apt-get update's messages
Previous by thread: Re: chkrootkit response
Next by thread: Re: chkrootkit response (OT)
Index(es):
- Date
- Thread