| View previous topic :: View next topic |
| Author |
Message |
kenthepostman
Apprentice
Joined: 02 Jul 2004
Posts: 245
Location: Stanford, CA
|
 Posted: Sat Jul 17, 2004 1:43 am Post subject: Chrootkit - sniffer or just dhcpd |
 |
|
I had a strange crash on my computer and I was wondering what happened. I found some strange log files but I just believe that a driver crashed the computer. I ran chkrootkit just in case and under sniffer I got the following message:
Checking `sniffer'... wlan0: PF_PACKET(/sbin/dhcpcd)
I googled it and I found some similiar posts saying that dhcp services can cause a false positive. Is this true? Also, if I set the IP address, gateway, etc manually chkrootkit finds nothing.
Some other strange error messages in my logs:'
From my Xorg log:
SetGrabKeysState - disabled
AUDIT: Fri Jul 16 20:32:02 2004: 6050 X: client 21 rejected from local host
SetGrabKeysState - enabled
From the Kernel Log:
Jul 16 20:34:46 kernsrc@KenLaptop bad: scheduling while atomic!
Jul 16 20:34:46 kernsrc@KenLaptop Call Trace:
Jul 16 20:34:46 kernsrc@KenLaptop [<c01180a6>] schedule+0x596/0x5a0
Jul 16 20:34:46 kernsrc@KenLaptop [<c012b905>] worker_thread+0x265/0x280
Jul 16 20:34:46 kernsrc@KenLaptop [<e19637c0>] statcollector_bh+0x0/0x120 [ndiswrapper]
Jul 16 20:34:46 kernsrc@KenLaptop [<c0118100>] default_wake_function+0x0/0x20
Jul 16 20:34:46 kernsrc@KenLaptop [<c0118100>] default_wake_function+0x0/0x20
Jul 16 20:34:46 kernsrc@KenLaptop [<c012b6a0>] worker_thread+0x0/0x280
Jul 16 20:34:46 kernsrc@KenLaptop [<c012efca>] kthread+0xaa/0xb0
Jul 16 20:34:46 kernsrc@KenLaptop [<c012ef20>] kthread+0x0/0xb0
Jul 16 20:34:46 kernsrc@KenLaptop [<c01052ad>] kernel_thread_helper+0x5/0x18
I believe the above is what caused the crash. Is there anything I should worry about. I am behind a the firewall of a wireless router. I don't think anything could really get passed but I haven't gotten the chance to set Iptables up yet.
Edit: Sorry about the long location before, couldn't change it once I realized it.
Last edited by kenthepostman on Sat Jul 17, 2004 3:29 am; edited 1 time in total |
|
| Back to top |
|
 |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20588
|
| Posted: Sat Jul 17, 2004 2:35 am Post subject: |
|
|
Moved from Installing Gentoo.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
kenthepostman
Apprentice
Joined: 02 Jul 2004
Posts: 245
Location: Stanford, CA
|
| Posted: Sun Jul 18, 2004 3:31 pm Post subject: |
|
|
| **bump** |
|
| Back to top |
|
|
Deranger
Veteran
Joined: 26 Aug 2004
Posts: 1215
|
| Posted: Mon Nov 29, 2004 6:49 pm Post subject: |
|
|
That's a false positive, and I'm 100% sure about it.
Most likely, kernel oops crashed your box and you should track down what caused it.
| Code: | | Jul 16 20:34:46 kernsrc@KenLaptop bad: scheduling while atomic! |
Wild guess, are you using Reiser4 with pre-empt? |
|
| Back to top |
|
|
|
Networking & Security
