PACKET SNIFFER detected
Ryan Mann
rmann at rmisp.net
Mon Mar 28 14:12:27 EST 2005
Dhclient is actually a DHCP client. If you're on an
Ethernet network, you probably need a DHCP client to get an
IP address, unless you have a static IP.
Ryan
On Mon, 28 Mar 2005, Jude DaShiell wrote:
> I used chkrootkit -q and found a packet sniffer on this system. So decided
> to do something about it. First I ran unlink dhclient <cr> and that removed
> the PACKET SNIFFER dhclient[865] from the system according to chkrootkit -q
> when once run again. Interestingly chkrootkit reports a packet sniffer as
> deleted once this is done rather than being silent. Then I took the system
> offline by disconnecting the Ethernet cable from the computer and rebooted
> it. I ran chkrootkit -q again and silence was all that came back. Okay no
> more packet sniffer, so while the system is still offline let's change all
> the passwords to new strong passwords then run pwconv on them. Other things
> I'm sure will still require a system reinstallation but packet sniffers can
> at least be handled relatively easily. By the way, I'm living quite close to
> a military base which is a very major target of foreign intelligence so
> expect more packet sniffers will be on this system shortly. At least now I
> have a procedure for dealing with them and I'll be running chkrootkit more
> frequently too.
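Added example, not part of either message in the thread: chkrootkit's sniffer check flags any process that holds a packet socket, which a DHCP client does legitimately. This Python example lists packet-socket holders from `/proc/net/packet` and marks for review any whose executable path is not an expected DHCP client, including one whose binary was unlinked. The allowlisted paths, the sample data and all function names are assumptions.

```python
import os
import re

# Assumption: full paths of DHCP clients expected to hold packet sockets on this host.
EXPECTED = {"/sbin/dhclient", "/usr/sbin/dhclient"}

# Constructed sample in /proc/net/packet layout (not taken from the thread).
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
c7a3b200 3      3    0003   2     1 0      0      1201
c7a3b600 3      3    0003   2     1 0      0      1377
c7a3ba00 3      10   0003   2     1 0      0      1502
"""
# Constructed inode -> (pid, exe) map, in the shape socket_owners() returns.
SAMPLE_OWNERS = {
    1201: (865, "/sbin/dhclient"),
    1377: (912, "/sbin/dhclient (deleted)"),   # binary unlinked while running
    1502: (1034, "/tmp/.x/dhclient"),          # right name, wrong path
}

def packet_inodes(text):
    """Return the socket inodes listed in /proc/net/packet content."""
    rows = [line.split() for line in text.splitlines()[1:] if line.strip()]
    return [int(cols[8]) for cols in rows if len(cols) >= 9]

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, exe) by reading /proc/<pid>/fd (needs root)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[int(m.group(1))] = (int(pid), exe)
        except OSError:
            continue  # process exited or access was denied
    return owners

def triage(packet_text, owners):
    """Classify each packet-socket holder as 'expected' or 'review'."""
    report = []
    for inode in packet_inodes(packet_text):
        pid, exe = owners.get(inode, (None, "unknown"))
        report.append((pid, exe, "expected" if exe in EXPECTED else "review"))
    return report

if __name__ == "__main__":
    for pid, exe, verdict in triage(SAMPLE_PACKET, SAMPLE_OWNERS):
        print(f"{verdict:8} pid={pid} exe={exe}")
```

On a live Linux host, run it as root with `triage(open("/proc/net/packet").read(), socket_owners())`.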