Bug 1577499 - Network Attack: Sniffer
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 27
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-05-12 13:21 UTC by Ali
Modified: 2018-05-21 08:08 UTC
Last Closed: 2018-05-21 08:08:49 UTC
Type: Bug



Description Ali 2018-05-12 13:21:42 UTC
When running a security check with an Intrusion Detection software named 'chkrootkit' on Fedora 27 - Xfce Desktop Environment, I get these results:

Checking `sniffer'... enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)

It looks like my system (dhclient: 3976) has been attacked by network sniffers. I also found suspicious files and directories in /usr/lib/.build-id.

How do I remove network sniffers from dhclient(3976)?

Comment 1 Beniamino Galvani 2018-05-21 08:08:49 UTC
dhclient is the DHCP client, which needs a raw socket to work, so this is a false positive. If you are paranoid you could check that the dhclient binary was not altered by verifying the package with:

rpm -V dhcp-client
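
Added example, not part of the bug report or of any project mentioned in it: a small triage script that pulls the flagged binaries out of chkrootkit's sniffer finding and runs the package verification suggested in comment 1 on each of them. The function names are hypothetical, and the sample line is the one quoted in the description.

```shell
#!/bin/sh
# Added example: triage chkrootkit "sniffer" hits by verifying the flagged
# binaries against the RPM database. Function names are hypothetical.

# Constructed sample: the finding quoted in the bug description.
sample_output() {
cat <<'EOF'
Checking `sniffer'... enp0s29u1u3: PF_PACKET(/usr/sbin/dhclient, /usr/sbin/dhclient)
EOF
}

# stdin: chkrootkit output. stdout: one "iface<TAB>binary" line per distinct
# binary reported as holding a PF_PACKET (raw) socket on that interface.
flagged_binaries() {
    grep -o '[^ ]*: PF_PACKET([^)]*)' | while IFS= read -r hit; do
        iface=${hit%%:*}
        bins=${hit#*\(}
        bins=${bins%\)}
        printf '%s\n' "$bins" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | sort -u |
            while IFS= read -r bin; do
                printf '%s\t%s\n' "$iface" "$bin"
            done
    done
}

# Verify one binary. Returns 0 if its package verifies clean, 1 if rpm -V
# reports differences (printed for review), 2 if no package owns the file.
verify_binary() {
    bin=$1
    pkg=$(rpm -qf --qf '%{NAME}\n' "$bin" 2>/dev/null) || {
        echo "UNOWNED  $bin (not from any installed package)"; return 2; }
    if report=$(rpm -V "$pkg" 2>&1); then
        echo "OK       $bin ($pkg)"
    else
        echo "CHANGED  $pkg, check whether $bin itself is listed:"
        printf '%s\n' "$report"
        return 1
    fi
}

# Usage on an RPM-based host (run as root so rpm can read every file):
#   chkrootkit | flagged_binaries | cut -f2 | sort -u |
#       while IFS= read -r b; do verify_binary "$b"; done
```

A binary that no package owns, or whose own line shows a digest mismatch in the `rpm -V` report, deserves a closer look than a packaged DHCP client holding the raw socket it needs.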

