wierd netstat(/proc/net) behaviour

From: phased (phased@mail.ru)
Date: Wed Jul 30 2003 - 18:23:46 EST

Whilst testing the 2.6.0-test1 kernel (I am sorry I am currently on dialup and have not had chance to test it on test2 yet) I experienced some very odd behaviour, namely entries vanishing from the list of established tcp connections. Please read the attached file, if this interests you, it is just one transcript of the behaviour although I have experienced it several times.

I do not beleive the host has been compromised, I have compared the md5sum of netstat on both mine and a friends installation of Debian woody and both produce the same, as far as I am aware no one has developed kernel level malware for this version of the kernel in the form of lkms yet and the irratic behavour seems inconsistent of what a compromise may result in.

fd2c999a20b1e9bbb395ee8389208923 /bin/netstat
-rwxr-xr-x 1 root root 86892 Nov 24 2001 /bin/netstat

I appologise if this is the wrong place to send such a bug, could you please forward it to the appropriate person.



To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:02 EST