[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] chkrootkit output, what does it mean?

Subject: Re: [cobalt-security] chkrootkit output, what does it mean?
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Fri, 15 Mar 2002 12:21:07 +0100
Organization: Stauber Multimedia Design
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Mez,

> My chkrootkit log this morning is showing:
>
> Checking `sniffer'...
> eth0 is PROMISC
> eth0:0 is PROMISC
> eth0:2 is PROMISC
> eth0:3 is PROMISC
> eth0:4 is PROMISC
> eth0:5 is PROMISC
> eth0:1 is PROMISC
>
> Is this anything to worry about? Or can anyone tell me what it means?

That normally indicates that a network sniffer is active on your machine and 
is monitoring the network traffic. Unless you manually launched "tcpdump" or 
a similar shell command to diagnose your network traffic this is indeed 
something to worry about. Did chkrootkit warn you about any modified binaries?

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

Follow-Ups:
- Re: [cobalt-security] chkrootkit output, what does it mean?
  - From: Mez

References:
- [cobalt-security] [RAQ] strange permissions in /etc
  - From: Herby K
- [cobalt-security] chkrootkit output, what does it mean?
  - From: Mez

Prev by Date: OT Re: [cobalt-security] SUN don't care about security update ?
Next by Date: Re: [cobalt-security] chkrootkit output, what does it mean?
Previous by thread: [cobalt-security] chkrootkit output, what does it mean?
Next by thread: Re: [cobalt-security] chkrootkit output, what does it mean?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index