[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] chkrootkit output, what does it mean?
- Subject: Re: [cobalt-security] chkrootkit output, what does it mean?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 15 Mar 2002 12:21:07 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Mez,
> My chkrootkit log this morning is showing:
>
> Checking `sniffer'...
> eth0 is PROMISC
> eth0:0 is PROMISC
> eth0:2 is PROMISC
> eth0:3 is PROMISC
> eth0:4 is PROMISC
> eth0:5 is PROMISC
> eth0:1 is PROMISC
>
> Is this anything to worry about? Or can anyone tell me what it means?
That normally indicates that a network sniffer is active on your machine and
is monitoring the network traffic. Unless you manually launched "tcpdump" or
a similar shell command to diagnose your network traffic this is indeed
something to worry about. Did chkrootkit warn you about any modified binaries?
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer