Re: chkrootkit shows bindshell infected only with portsentry

From: Felix Tilley (ftilley_at_cyberbromo.int)
Date: 10/11/05

  • Next message: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"
    Date: Tue, 11 Oct 2005 04:13:23 GMT
    
    

    On Mon, 10 Oct 2005 08:01:54 +0000, Anthony Campbell Anthony Campbell
    <ac@acampbell.org.uk> wrote:

    > I just installed the latest version of chkrootkit (0.45). This showed that
    > bindshell is infected.
    >
    > Checking `bindshell'... INFECTED (PORTS: 1524 31337)
    >
    > However, if I stop portsentry the infection report disappears. Does this
    > mean it is a false positive?
    >
    > I don't want to reinstall the system if I don't have to!
    >
    > Anthony

    What does netstat -an show? Are you listening on those ports?

    --
    Felix Tilley
    MAJ, LARTvocate
    Fanatic Legions
    1-800-555-LART
    

  • Next message: Anthony Campbell: "Re: chkrootkit shows bindshell infected only with portsentry"

    Relevant Pages