Lawrence Houston <[EMAIL PROTECTED]> writes: > Running the latest CHKROOTKIT (0.43) under Debian (3.0r2) I am now > receiving the following messages on my Router: > > Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient-2.2.x) > eth1: PF_PACKET(/sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x) > > Which is a bit worrisome since I had NOT this with previous versions of > CHKROOTKIT (up to and including 0.42b)!!! Does anyone know if this is > "normal" for Woody's dhcp-client???
yes, it's normal. it just means that /sbin/dhclient-2.2.x, /usr/sbin/dhcpd-2.2.x use the packet interface (which many sniffers use). consider it a false positive. -l -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
