Void's Forums

Void Main's Beautiful Site

Skip to content

rkhunter & promisc. broadcast on NIC

Discuss Applications
Post a reply

rkhunter & promisc. broadcast on NIC

Postby Basher52 » Thu Aug 04, 2011 3:00 am

I just saw this on my eth0 NIC:

Code: Select all
--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.3.8 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Possible promiscuous interfaces:
         'ifconfig' command output:
             eth0      Link encap:Ethernet  HWaddr 00:19:66:05:C8:ED 
                       UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
         'ip' command output:
             eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

----------------------- End Rootkit Hunter Scan -----------------------


What does this mean?
Do I got a rootkit on it?
User avatar
Basher52
guru
guru
 
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE
Top

Re: rkhunter & promisc. broadcast on NIC

Postby Void Main » Thu Aug 04, 2011 7:39 pm

I'm pretty sure it means you have rkhunter installed.
User avatar
Void Main
Site Admin
Site Admin
 
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Top

Re: rkhunter & promisc. broadcast on NIC

Postby Basher52 » Fri Aug 05, 2011 1:42 am

hehe good answer, but it is that application that makes it promiscuous?
promiscuous for me sounds not good :(
User avatar
Basher52
guru
guru
 
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE
Top

Re: rkhunter & promisc. broadcast on NIC

Postby Void Main » Fri Aug 05, 2011 5:28 am

Are you running anything that would have the interface open in promiscuous mode? i.e. snort, tcpdump, wireshark, some network monitoring/statistics app?
User avatar
Void Main
Site Admin
Site Admin
 
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Top

Re: rkhunter & promisc. broadcast on NIC

Postby Basher52 » Sun Aug 07, 2011 3:35 pm

Well now when you ask, I remembered that I used tcpdump for a while
User avatar
Basher52
guru
guru
 
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE
Top

Re: rkhunter & promisc. broadcast on NIC

Postby X11 » Tue Dec 13, 2011 9:48 pm

Promiscous mode just means your network card can 'listen in,' you are worried about nothing.
X11
guru
guru
 
Posts: 674
Joined: Sun Jan 19, 2003 11:09 pm
Location: Australia
Top

Re: rkhunter & promisc. broadcast on NIC

Postby Basher52 » Wed Dec 14, 2011 12:26 pm

Well, I just wanna be sure that's no one was poking around :P
User avatar
Basher52
guru
guru
 
Posts: 881
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE
Top
Post a reply

Return to Applications

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group