Re: chkrootkit shows bindshell infected only with portsentry
From: Felix Tilley (ftilley_at_cyberbromo.int)
Date: Tue, 11 Oct 2005 04:13:23 GMT
On Mon, 10 Oct 2005 08:01:54 +0000, Anthony Campbell Anthony Campbell
> I just installed the latest version of chkrootkit (0.45). This showed that
> bindshell is infected.
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
> However, if I stop portsentry the infection report disappears. Does this
> mean it is a false positive?
> I don't want to reinstall the system if I don't have to!
What does netstat -an show? Are you listening on those ports?
-- Felix Tilley MAJ, LARTvocate Fanatic Legions 1-800-555-LART