Re: chkrootkit response (OT)
On Tuesday 14 February 2006 14:58, Brad Sawatzky wrote:
>On Tue, 14 Feb 2006, Gene Heskett wrote:
>> On Tuesday 14 February 2006 07:27, Paul Dwerryhouse wrote:
>> >On Tue, Feb 14, 2006 at 02:46:48AM -0500, Stephen wrote:
>> >> Is this a valid response or false positive ?
>> >>
>> >> /etc/cron.daily/chkrootkit:
>> >> eth0: PACKET SNIFFER(/sbin/dhclient[1102])
>> >
>> >False positive; it's because that program has your ethernet
>> > interface in promiscuous mode. For dhclient, this is completely
>> > normal, it needs to do this to function correctly.
>>
>> The machine I got that sample response from in the last post,
>> doesn't have a utility named dhclient on it, so I cannot confirm
>> that this is correct. It probably is though.
>>
>> Friggin vz blocks port 80 so we can't run our own web pages. And
>> they are the only game in town...:(
>
>FYI, try DynDNS's WebHop
> <http://www.dyndns.com/services/webredirect/webhop/> to get around
> ISP's brain-damaged port blocks. It's free and it works great!
>
Thanks Brad, I wasn't aware of that. I'll have to see what I can rig
up.
>-- Brad
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Reply to: