Re: chkrootkit

I've noticed on recent versions of Red Hat some of the packet dumping
software does not throw the NIC in PROMISC mode.  I haven't tested this
with snort, but I have seen it with tcpdump (it's in the man pages).
Superuser has to put the NIC in promisc mode before you can dump packets
on the "any" interface.  Not sure if this is a library or something
tcpdump is doing itself, however the tcpdump man page says since later
versions of the 2.2 kernel and newer, so I would assume it is probably
the libraries doing it for tcpdump.  You may want to make double sure
snort really has the NIC in PROMISC mode.

--rat


On Mon, 2002-05-06 at 07:00, Bruno Gimenes Pereti wrote:
>
> Hello,
>
> I tried it on a Red Hat 7.1 running snort and it didn't detect the
> promiscuous mode.
>
> Bruno Pereti.
>
>
> ----- Original Message -----
> From: "Danish Usman" <danish5041@hotmail.com>
> To: <security-discuss@linuxsecurity.com>
> Sent: Sunday, May 05, 2002 4:00 AM
> Subject: Re: chkrootkit
>
>
> >
> > Hi there,
> >          I have tried this on my Red Hat box, on which I have installed
> > a rootkit. It works fine; it detects the rootkit all of a sudden. :)
> >
> > Regards,
> >
> > Danish Usman
> >
> > Network Administrator
> >
> >
> > >From: David Correa <tech@linux-tech.com>
> > >Reply-To: security-discuss@linuxsecurity.com
> > >To: security-discuss@linuxsecurity.com
> > >Subject: chkrootkit
> > >Date: Fri, 3 May 2002 15:05:06 -0700 (PDT)
> > >
> > >
> > >
> > >It would be nice if some people could try it and send
> > >some feed back to the list.
> > >
> > >http://www.chkrootkit.org/
> > >http://freshmeat.net/projects/chkrootkit/?topic_id=43
> > >
> > >David Correa
> > >Public Key http://www.linux-tech.com/linuxtech.asc
> > >Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
> > >
> > >------------------------------------------------------------------------
> > >      To unsubscribe email security-discuss-request@linuxsecurity.com
> > >          with "unsubscribe" in the subject of the message.
> > >

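Added example, not part of the original thread: one way to do the double check suggested in the top message, by reading each interface's flags from sysfs and testing the IFF_PROMISC bit (0x100). It assumes a Linux kernel that exposes /sys/class/net (newer than the kernels discussed in the thread); the function names and the sample flag values are constructed for illustration.

```python
import os
import tempfile

IFF_UP = 0x1         # interface flag bits from <linux/if.h>
IFF_PROMISC = 0x100

def promisc_report(sysfs_net="/sys/class/net"):
    """Map interface name -> {'up': bool, 'promisc': bool} from sysfs flags."""
    report = {}
    for ifname in sorted(os.listdir(sysfs_net)):
        try:
            with open(os.path.join(sysfs_net, ifname, "flags")) as fh:
                flags = int(fh.read().strip(), 16)   # e.g. "0x1103"
        except (OSError, ValueError):
            continue  # not an interface directory (e.g. bonding_masters)
        report[ifname] = {"up": bool(flags & IFF_UP),
                          "promisc": bool(flags & IFF_PROMISC)}
    return report

def sensor_problems(report, sensor_ifaces):
    """List why each interface an IDS should sniff on is not ready."""
    problems = []
    for ifname in sensor_ifaces:
        state = report.get(ifname)
        if state is None:
            problems.append((ifname, "missing"))
        elif not state["up"]:
            problems.append((ifname, "down"))
        elif not state["promisc"]:
            problems.append((ifname, "not promiscuous"))
    return problems

def build_sample_tree(root):
    """Constructed sample data standing in for /sys/class/net."""
    for ifname, flags in {"eth0": "0x1103", "eth1": "0x1003", "lo": "0x9"}.items():
        os.makedirs(os.path.join(root, ifname))
        with open(os.path.join(root, ifname, "flags"), "w") as fh:
            fh.write(flags + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(sensor_problems(promisc_report(root), ["eth0", "eth1", "eth2"]))
```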
