Re: chkrootkit sniffers
Um 22:48 Uhr am 10.08.06 schrieb Henri Salo:
> I am running Debian stable (kernel 2.6.8-2) chkrootkit version 0.44 with
> command chkrootkit and it gives me:
>
> Checking `sniffer'... lo: PACKET SNIFFER(/sbin/dhclient[29148])
> eth0: PACKET SNIFFER(/sbin/dhclient[29148], /sbin/dhclient[29307])
> eth1: PACKET SNIFFER(/sbin/dhclient[29148])
>
> is that serious?
No. Both dhclient and dhcpd are known false positives.
You should of course check, if those processes are _really_ a dhclient.
Grüße,
Sven.
--
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/
Achtung, neue Mail-Adresse: sven@svenhartge.de
Reply to: