Bug 1577499 - Network Attack: Sniffer
Summary: Network Attack: Sniffer
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 27
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-05-12 13:21 UTC by Ali
Modified: 2018-05-21 08:08 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-05-21 08:08:49 UTC
Type: Bug

Attachments (Terms of Use)

Description Ali 2018-05-12 13:21:42 UTC
When running a security check with an Intrusion Detection software named 'chkrootkit' Fedora 27 - Xfce Desktop Environment I get these results:

Checking `sniffer'... enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)

It looks like my system (dhclient: 3976)has been attacked by network sniffers. I also found suspicious files and directories in /usr/lib/.build-id.

How do I remove network sniffers from dhclient(3976)?

Comment 1 Beniamino Galvani 2018-05-21 08:08:49 UTC
dhclient is the DHCP client, which needs a raw socket to work, so this is a false positive. If you are paranoid you could check that the dhclient binary was not altered by verifying the package with:

rpm -V dhcp-client

Note You need to log in before you can comment on or make changes to this bug.