[prev in list] [next in list] [prev in thread] [next in thread]
List: chkrootkit-users
Subject: [crt-users] infected port ???
From: Matías_López_Bergero <mlopezb () udesa ! edu ! ar>
Date: 2004-11-29 15:43:01
Message-ID: 41AB4385.5090409 () udesa ! edu ! ar
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, I started seeing this message on Saturday.
INFECTED (PORTS: 600)
I run ./chkrootkit -q on RedHat 3ES, Linux 2.4.21 box.
I can see the port 600 with netstat,
# netstat -nap | grep 600
tcp 0 0 0.0.0.0:600 0.0.0.0:*
LISTEN 3812/rpc.rquotad
# ls -l /proc/3812/ | grep exe
lrwxrwxrwx 1 root root 0 Nov 29 12:40 exe ->
/usr/sbin/rpc.rquotad*
# rpm -qf /usr/sbin/rpc.rquotad
quota-3.09-1
# rpm -V quota-3.09-1
#
No output on rpm -V query.
Could this be a false positive?
BR,
Matías
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBq0OFRB0HKLRQp/gRAtZjAJ4jCOJDRFg0IGXZOGbFhwJa4f/xawCfS+6H
K2bx4Ecdy3TTnMwFkljk7NI=
=c2zO
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic