List:       chkrootkit-users
Subject:    Re[2]: [crt-users] Slapper found....but where is it?
From:       Filbert <Filbert () pandora ! be>
Date:       2003-02-11 7:53:33

Hello Hannu,

Tuesday, February 11, 2003, 8:34:01 AM, you wrote:

HK> Me too!
HK> I updated the openssl package before slapper came, and did not find any
HK> suspicious files. I'm quite sure mine was a false positive. netstat -anp revealed that
HK> one smbd connection was on port 2015, which caused the alarm.

HK> I guess that the bindshell warning was similar. Seems like smbd causes false alarms
HK> quite easily..

Yes, in our case a radius daemon on UDP/1812 was causing the false
alarm.

Thanks to the group for the help.



-- 
 Filbert                          mailto:Filbert@pandora.be
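
The check described in this thread (reading `netstat -anp` to see which process owns the port that raised the alarm), as an added example that is not part of the original messages and is not chkrootkit code. The two port numbers come from the thread; the sample output, the `EXPECTED` allowlist and the function names are constructed for illustration, and how chkrootkit itself matches ports is not modelled.

```python
import re

# Ports named in this thread as the source of the alarms.
FLAGGED_PORTS = {"2015", "1812"}
# Assumption: daemons this host is expected to run (hypothetical allowlist).
EXPECTED = {"smbd", "radiusd"}

# Constructed sample of `netstat -anp` output (addresses and PIDs are made up).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      812/smbd
tcp        0      0 192.0.2.10:139          192.0.2.77:2015         ESTABLISHED 1430/smbd
tcp        0      0 192.0.2.10:2015         192.0.2.80:445          TIME_WAIT   -
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           640/radiusd
"""

# The State column is empty for unconnected UDP sockets, so it is optional here.
TAIL = re.compile(r"^(?:(?P<state>[A-Z][A-Z0-9_]*)\s+)?(?P<owner>-|\d+/\S.*)$")

def port_of(addr):
    # rsplit keeps IPv6 forms such as ":::22" working.
    return addr.rsplit(":", 1)[-1]

def triage(netstat_output, flagged=FLAGGED_PORTS, expected=EXPECTED):
    """Return (proto, local, foreign, program, verdict) for sockets on flagged ports."""
    findings = []
    for line in netstat_output.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6 or not parts[0].startswith(("tcp", "udp")):
            continue  # header, blank line, or unix-socket section
        proto, _, _, local, foreign, tail = parts
        m = TAIL.match(tail.strip())
        if not m or not {port_of(local), port_of(foreign)} & flagged:
            continue
        owner = m.group("owner")
        # "-" means netstat could not see the owner (not root, or no process left).
        program = None if owner == "-" else owner.split("/", 1)[1].split()[0].rstrip(":")
        if program is None:
            verdict = "unattributed"
        elif program in expected:
            verdict = "expected daemon"
        else:
            verdict = "investigate"
        findings.append((proto, local, foreign, program, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An "expected daemon" verdict only explains why the port is in use; it says nothing about whether the binary behind that name is the packaged one.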
