List: chkrootkit-users
Subject: [crt-users] chkrootkit bindshell INFECTED?
From: "Hannu Kotipalo" <hannu.kotipalo () innokasmedical ! fi>
Date: 2003-02-10 8:04:27
Hi!
I got the following from the weekend cron chkrootkit (v 0.36, now updated):
------------------
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.6.0/i386-linux/.packlist /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/Digest/MD5/.packlist
Checking `bindshell'... INFECTED (PORTS: 4369)
Checking `sniffer'...
Checking `z2'...
--------------------------
I think this is a false positive, really hope I'm right. Same result from the Sat, Sun and Mon
morning crontab entry, but not anymore on a manual run. Should I be worried?
Looks like the bindshell test just greps a port list from netstat output. Doesn't it also
detect local SMB connections that happen to be on one of those ports?
System is behind a HW firewall.
Oh, I'm still running portsentry (not much use after we got the HW firewall)
--
Hannu Kotipalo
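
The question raised in the message above, whether a port grep over netstat output can flag an ordinary local connection, can be checked by separating listening sockets from connection endpoints. This is an added example, not part of the original message and not chkrootkit's own code: the function names and sample lines are constructed, `naive_match` is a hypothetical stand-in for a port grep, and the Linux net-tools `netstat -an` column layout is assumed.

```shell
#!/bin/sh
# Triage a port flagged by a "grep the port out of netstat" style check.
# Input on stdin: `netstat -an`-style lines (Linux net-tools columns assumed).

# Constructed sample: 4369 appears only as the local (ephemeral) end of an
# outbound SMB session and as the remote end of an inbound SSH session.
SAMPLE_CLIENT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:4369       192.168.1.20:139        ESTABLISHED
tcp        0      0 192.168.1.10:22         192.168.1.30:4369       ESTABLISHED'

# Constructed sample: a socket is actually accepting connections on 4369.
SAMPLE_LISTEN='tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:43690      192.168.1.20:80         ESTABLISHED'

# naive_match PORT: hypothetical port grep. Counts every tcp line that has
# PORT in either address column, whatever the socket state.
naive_match() {
    awk -v p="$1" '$1 ~ /^tcp/ && ($4 ~ (":" p "$") || $5 ~ (":" p "$")) { n++ }
                   END { print n + 0 }'
}

# classify_port PORT: label each line that involves PORT.
#   LISTENER   - local port is PORT and state is LISTEN (worth tracing)
#   LOCAL-END  - PORT is the local end of a connection (often an ephemeral port)
#   REMOTE-END - PORT belongs to the peer, nothing is bound to it locally
classify_port() {
    awk -v p="$1" '
        $1 !~ /^tcp/ { next }                      # skip header and non-tcp lines
        { lp = $4; sub(/.*:/, "", lp)              # port = text after last colon
          fp = $5; sub(/.*:/, "", fp) }
        lp == p && $6 == "LISTEN" { print "LISTENER " $4; next }
        lp == p { print "LOCAL-END " $4 " -> " $5 " " $6; next }
        fp == p { print "REMOTE-END " $4 " -> " $5 " " $6 }
    '
}

# has_listener PORT: exit status 0 only if something listens on PORT.
has_listener() {
    classify_port "$1" | grep -q '^LISTENER '
}

echo "naive matches: $(printf '%s\n' "$SAMPLE_CLIENT" | naive_match 4369)"
printf '%s\n' "$SAMPLE_CLIENT" | classify_port 4369
printf '%s\n' "$SAMPLE_LISTEN" | classify_port 4369
```

On a live host the same functions read `netstat -an` from a pipe; a LISTENER line that persists across runs is the case to trace to its owning process, while LOCAL-END and REMOTE-END lines come and go with individual connections.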