D&C GLug - Home Page


[LUG] rootkit, chkrootkit

 

I installed chkrootkit (Debian sarge) and the first night I received the
following email:

----- Forwarded message from Cron Daemon <root@newdebian> -----

Subject: Cron <root@newdebian> test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily
Date: Tue, 04 Oct 2005 06:25:30 +0100

/etc/cron.daily/chkrootkit:
eth0: PACKET SNIFFER(/sbin/dhclient[2834])

----- End forwarded message -----


I have just checked this out on Google and the only message I got was
versions of the following: "dhclient does set some socket options which
chkrootkit might detect as sniffing. Basically, dhclient needs to accept
any traffic, because it runs before the interface has an IP. That's my
guess, at least, sorry for the non-confidence inspiring lack of
technical details."

Can anyone comment?

Many thanks


Attachment: signature.asc
Description: Digital signature
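
An added example, not part of the original post and not chkrootkit's own code: a triage helper for the `PACKET SNIFFER` lines in the cron mail above. It checks each reported PID against `/proc/<pid>/exe` instead of trusting the printed path, then compares the result with an allowlist. The `eth1` sample line, the `EXPECTED` set, the comma-separated multi-process format and the names `triage` and `proc_exe` are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the line from the cron mail above plus one invented line.
SAMPLE = """/etc/cron.daily/chkrootkit:
eth0: PACKET SNIFFER(/sbin/dhclient[2834])
eth1: PACKET SNIFFER(/sbin/dhclient[2901], /tmp/.x/cap[3120])
"""

# Assumption: binaries this host is expected to run with a packet socket open.
EXPECTED = {"/sbin/dhclient"}

LINE_RE = re.compile(r"^(\S+): PACKET SNIFFER\((.*)\)\s*$")
PROC_RE = re.compile(r"(/[^\[\],]+)\[(\d+)\]")


def proc_exe(pid):
    """Return the binary the kernel says this PID runs, or None if it is gone."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None


def triage(report, expected=EXPECTED, exe_of=proc_exe):
    """Classify each process that the report lists as a packet sniffer."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines and other chkrootkit output
        iface = m.group(1)
        for path, pid in PROC_RE.findall(m.group(2)):
            exe = exe_of(int(pid))
            if exe is None:
                verdict = "gone"        # process exited, nothing to confirm
            elif exe != path:
                verdict = "mismatch"    # printed path is not the running binary
            elif path in expected:
                verdict = "expected"
            else:
                verdict = "unexpected"
            findings.append((iface, path, int(pid), verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

An `expected` verdict only says the running binary sits at an allowlisted path; confirming that the file itself is the packaged one (for example with `debsums` on Debian) is a separate check.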