>From reading I've done I've learned if you get one or more of these on your system it's because your ethernet card is running in promiscuous mode long enough for the packet sniffer to be installed. When you do something like ifconfig eth0 -promisc up you're telling your ethernet card to only listen for frames broadcast specifically to it and not to listen for any other frames being broadcast to the left or right of your computer's network connection. Unfortunately, the Linux default is to come up in promiscuous mode when going onto the internet especially so with Debian. If you get a packet sniffer the three things you can try from easiest to hardest are: 1) install a network switch and replace any hubs with that switch, 2) encrypt all internet connections including and especially fetchmail, 3) do a complete system reinstall and arrange for encrypted connections before going out onto the internet. I use a netup script: #!/bin/sh poff dsl-provider ifconfig eth0 down ifconfig eth0 -promisc up dhclient eth0 to go onto the internet anymore. The thing is I do the pon dsl-provider back in my own user account so root isn't logged in. I can do most of this now with the exception of a good .fetchmailrc file. I have information on doing an encrypted connection with that but am going to get some local linux help to make sure I'm translating it correctly for my own needs. Once I get it working, I'll put the sanitized .fetchmailrc file up on speakup for anyone else who needs it or may need it in the future. Oh, the only ways I knew the packet sniffers were there was because I had chkrootkit installed and running when it got installed and I got the email describing the system compromise. Forewarned is forearmed.
