Whilst testing the 2.6.0-test1 kernel (I am sorry I am currently on dialup and
have not had chance to test it on test2 yet) I experienced some very odd
behaviour, namely entries vanishing from the list of established tcp
connections. Please read the attached file, if this interests you, it is just
one transcript of the behaviour although I have experienced it several times.
I do not beleive the host has been compromised, I have compared the md5sum of
netstat on both mine and a friends installation of Debian woody and both
produce the same, as far as I am aware no one has developed kernel level
malware for this version of the kernel in the form of lkms yet and the irratic
behavour seems inconsistent of what a compromise may result in.
fd2c999a20b1e9bbb395ee8389208923 /bin/netstat
-rwxr-xr-x 1 root root 86892 Nov 24 2001 /bin/netstat
I appologise if this is the wrong place to send such a bug, could you please
forward it to the appropriate person.
Regards
phased
netstatbug
Description: Binary data
|