packet sniffers

Jude DaShiell jdashiel at shellworld.net
Tue Jun 27 01:43:15 EDT 2006


From reading I've done I've learned if you get one or more of these on 
your system it's because your ethernet card is running in promiscuous mode 
long enough for the packet sniffer to be installed.  When you do something 
like ifconfig eth0 -promisc up you're telling your ethernet card to only 
listen for frames broadcast specifically to it and not to listen for any 
other frames being broadcast to the left or right of your computer's 
network connection.  Unfortunately, the Linux default is to come up in 
promiscuous mode when going onto the internet especially so with Debian. 
If you get a packet sniffer the three things you can try from easiest to 
hardest are: 1) install a network switch and replace any hubs with that 
switch, 2) encrypt all internet connections including and especially 
fetchmail, 3) do a complete system reinstall and arrange for encrypted 
connections before going out onto the internet.  I use a netup script:

    #!/bin/sh
    poff dsl-provider          # hang up the existing DSL link
    ifconfig eth0 down         # take the card down
    ifconfig eth0 -promisc up  # bring it back up with promiscuous mode off
    dhclient eth0              # get an address by DHCP

to go onto the internet anymore.  The thing is I do the pon 
dsl-provider back in my own user account so root isn't logged in.  I can 
do most of this now with the exception of a good .fetchmailrc file.  I 
have information on doing an encrypted connection with that but am going 
to get some local linux help to make sure I'm translating it correctly for 
my own needs.  Once I get it working, I'll put the sanitized .fetchmailrc 
file up on speakup for anyone else who needs it or may need it in the 
future.  Oh, the only ways I knew the packet sniffers were there was 
because I had chkrootkit installed and running when it got installed and I 
got the email describing the system compromise.  Forewarned is forearmed.
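A defender-side check for the condition the post is about, added here as an example and not part of the original message or the Speakup list: it reads each interface's flags word from Linux sysfs (assumed layout /sys/class/net/<iface>/flags) and reports any interface with IFF_PROMISC set, so the effect of `ifconfig eth0 -promisc` can be confirmed rather than assumed.

```shell
#!/bin/sh
# Added example: report interfaces running in promiscuous mode, the condition
# the post above associates with a sniffer. Assumes Linux sysfs, which exposes
# each interface's flags word at /sys/class/net/<iface>/flags as a hex string.
# IFF_PROMISC is bit 0x100 in <linux/if.h>.

IFF_PROMISC=256   # 0x100

# is_promisc FLAGS: FLAGS is the hex word from sysfs (e.g. 0x1103).
# Prints "yes" if IFF_PROMISC is set, "no" otherwise.
is_promisc() {
    flags=$(( $1 ))                      # shell arithmetic accepts 0x prefixes
    if [ $(( flags & IFF_PROMISC )) -ne 0 ]; then
        echo yes
    else
        echo no
    fi
}

# list_promisc_ifaces: prints one line per interface with IFF_PROMISC set.
# Nothing printed means no interface is promiscuous (or sysfs is absent).
list_promisc_ifaces() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue          # glob did not match or file unreadable
        iface=$(basename "$(dirname "$f")")
        if [ "$(is_promisc "$(cat "$f")")" = yes ]; then
            echo "$iface"
        fi
    done
    return 0
}

# Constructed sample flag words, to show the decision without needing sysfs:
# 0x1103 = UP|BROADCAST|PROMISC|MULTICAST, 0x1003 = the same without PROMISC.
for sample in 0x1103 0x1003; do
    echo "flags $sample -> promiscuous: $(is_promisc "$sample")"
done

# Live check of this host; any interface listed is worth investigating.
promisc=$(list_promisc_ifaces)
if [ -n "$promisc" ]; then
    echo "promiscuous interfaces: $promisc"
else
    echo "no promiscuous interfaces found"
fi
```

Run it as an unprivileged user; sysfs flags are world-readable, so no root shell is needed for the check.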

More information about the Speakup mailing list