tcpdump and libpcap hacked

Discussion in 'other security issues & news' started by FanJ, Nov 15, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Hackers drop spyware into popular tool

    By Robert Lemos
    Staff Writer, CNET
    November 14, 2002, 5:27 PM PT

    The main Web site for downloading a popular open-source network-monitoring tool remained off-line Thursday following a revelation that rogue hackers had implanted spyware in the latest version of the software.
    Copies of tcpdump, a utility for monitoring data traffic on a network, and its library of code, called libpcap, had both been corrupted on the site, said Michael Richardson, Webmaster for the site and a member of the open-source project that maintains the tools.

    "The server has been taken down until we can be sure we have found the problem," Richardson said in a phone interview Thursday.

    However, other sites had already downloaded the software from the main server and hosted the files on their own computers, a practice known as mirroring. It's unknown how many of these other sites have corrupted copies of the code, Richardson said, although some have already confirmed that they have found the Trojan horse.

    Tcpdump is a utility used by Unix, Linux and BSD system administrators to monitor--or "sniff"--the data that passes over the network. Libpcap is a code library that helps programmers write programs to tap into network data on many different platforms.

  2. controler

    controler Guest

    Sounds like digital signatures are getting a boost and my fear of Linux being targeted more is coming true.
    There aren't that many people out there that actually use those MD5
    signatures to verify downloads either. Why? Well, it takes time and effort LOL
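As an added example (not code from any poster in this thread), the check the post above says few people bother with: parse an md5sum-style checksum list and compare a downloaded tarball against it. The tarball bytes, file name and checksum lists are all constructed stand-ins; the second list shows why a checksum file served by the same mirror as a trojaned download proves nothing, since the attacker can regenerate it.

```python
import hashlib

# Constructed stand-ins for a release tarball; not the real tcpdump/libpcap bytes.
CLEAN_TARBALL = b"tcpdump-VERSION.tar.gz: constructed clean release contents\n"
# Same name, a few bytes changed: stands in for a trojaned copy served by a mirror.
TROJANED_TARBALL = b"tcpdump-VERSION.tar.gz: constructed trojaned mirror contents\n"
FILE_NAME = "tcpdump-VERSION.tar.gz"  # placeholder name, not a real release


def make_checksum_file(files: dict[str, bytes], algo: str = "md5") -> str:
    """Build md5sum-style text ('<hex digest>  <filename>') for the given files."""
    return "".join(f"{hashlib.new(algo, data).hexdigest()}  {name}\n"
                   for name, data in files.items())


def parse_checksum_file(text: str) -> dict[str, str]:
    """Parse md5sum/sha256sum-style lines into {filename: hex digest}."""
    expected: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return expected


def verify_download(name: str, data: bytes, checksum_text: str,
                    algo: str = "md5") -> tuple[bool, str]:
    """Compare a downloaded file's digest to the published list; returns (ok, reason)."""
    expected = parse_checksum_file(checksum_text)
    if name not in expected:
        return False, f"no published {algo} for {name}: do not trust the file"
    actual = hashlib.new(algo, data).hexdigest()
    if actual != expected[name]:
        return False, f"{algo} mismatch: got {actual}, expected {expected[name]}"
    return True, f"{algo} matches the published value"


# Checksums obtained out of band from the project (constructed here from the
# clean bytes) catch the tampered mirror copy...
PROJECT_CHECKSUMS = make_checksum_file({FILE_NAME: CLEAN_TARBALL})
# ...but a checksum list fetched from the same mirror as the download was
# regenerated next to the trojaned tarball and therefore matches it.
MIRROR_CHECKSUMS = make_checksum_file({FILE_NAME: TROJANED_TARBALL})

if __name__ == "__main__":
    print("clean vs project list   ", verify_download(FILE_NAME, CLEAN_TARBALL, PROJECT_CHECKSUMS))
    print("trojaned vs project list", verify_download(FILE_NAME, TROJANED_TARBALL, PROJECT_CHECKSUMS))
    print("trojaned vs mirror list ", verify_download(FILE_NAME, TROJANED_TARBALL, MIRROR_CHECKSUMS))
```

The same routine works unchanged with `algo="sha256"` against a sha256sum-style list; what matters is that the list comes from a source the mirror cannot rewrite.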
  3. FanJ

    FanJ Guest

    Hi Controler,

    About Linux in this respect:
    libpcap can also be used by Snort (sniffer that can be used on a windows-system), if I understood it well...
  4. controler

    controler Guest

    Yes FanJ, that is correct.
    SNORT can be used for Windows also.
    The last time I posted here on SNORT, I remember that was a very difficult thing to get up and running.
    I haven't looked at it in a while.
  5. FanJ

    FanJ Guest

    I have to admit ( :oops:) that I haven't used Snort...
    I have AWPTA (Atelier Web Port Traffic Analyser), not exactly the same thing but it is able to give you some info.
  6. FanJ

    FanJ Guest


    UNICRON Technical Expert

    Very interesting development. As a Linux and Unix user, this is fairly significant. I hope it is an isolated occurrence.

    tcpdump is a pretty neat tool.