Re: chkrootkit shows bindshell infected only with portsentry
From: Felix Tilley (ftilley_at_cyberbromo.int)
Date: 10/11/05
- Previous message: Cameron L. Spitzer: "Re: chkrootkit shows bindshell infected only with portsentry"
- In reply to: Anthony Campbell: "chkrootkit shows bindshell infected only with portsentry"
- Next in thread: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"
- Reply: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Oct 2005 04:13:23 GMT
On Mon, 10 Oct 2005 08:01:54 +0000, Anthony Campbell Anthony Campbell
<ac@acampbell.org.uk> wrote:
> I just installed the latest version of chkrootkit (0.45). This showed that
> bindshell is infected.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
>
> However, if I stop portsentry the infection report disappears. Does this
> mean it is a false positive?
>
> I don't want to reinstall the system if I don't have to!
>
> Anthony
What does netstat -an show? Are you listening on those ports?
-- Felix Tilley MAJ, LARTvocate Fanatic Legions 1-800-555-LART
- Previous message: Cameron L. Spitzer: "Re: chkrootkit shows bindshell infected only with portsentry"
- In reply to: Anthony Campbell: "chkrootkit shows bindshell infected only with portsentry"
- Next in thread: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"
- Reply: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
