[cobalt-security] bindshell INFECTED PORTS 1524 31337

Paulos Putremos Wed, 19 Sep 2001 04:27:37 -0700

can anyone tell me what going on here, i'm kinda worried :(

just ran the chkrootkit and it warns me:#

Checking `bindshell'... INFECTED (PORTS:  1524 31337)

I checked through Portsentry/Logcheck reports and came across:

Sep 17 19:32:55 server portsentry[5423]: attackalert: Connect from host: 
62-36-148-15.dialup.uni2.es/62.36.148.15 to UDP port: 31337
Sep 17 19:32:55 server portsentry[5423]: attackalert: Ignoring UDP response per 
configuration file setting.

I'm a bit stumped, how do I figure out if its a false alarm or whether i have been 
comprimised (has anyone heard of exploits using those ports). I guess its been ignored 
because 31337 is not in my list of ports to monitor.

Any feedback is much appreciated

Paul Milne
Digit Limited



------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security

[cobalt-security] bindshell INFECTED PORTS 1524 31337

Reply via email to