Hi Brian,

> This is from the chkrootkit website:
> [snip]
> Of course the only way to know for sure is to shut off PortSentry and then
> rerun chkrootkit. Simple enough process.

Yepp. I think you are right, IF Portsentry is running in standard mode and not "advanced TCP" and/or "advanced UDP" mode. That is what I usually use and with that I never had problems in conjunction with Chkrootkit. In "advanced" mode Portsentry usually only binds to unused ports below 1023. In "standard" mode it uses a list defined in the configuration file to bind to a whole bunch of ports, many of them above 1023. This sure can cause false alarms with many tools.

> Michael, thanks for your informative post on LSOF and other hacker
> detection techniques.

Hey, no problem. I'm always glad to be of help and am returning just the same favours that others gave me when I was the newcomer to Linux.

--
With best regards,

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
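
Added example, not part of the original message: a quick triage of the false alarms discussed above, comparing the ports chkrootkit flags against the ports PortSentry's standard mode is configured to bind. The sample config excerpt and the chkrootkit line are constructed, and the function names are hypothetical; the example assumes the usual `TCP_PORTS`/`UDP_PORTS` settings in portsentry.conf and chkrootkit's `INFECTED (PORTS: ...)` bindshell output.

```python
import re

# Constructed sample inputs (not from the original message).
SAMPLE_CONF = '''\
# portsentry.conf excerpt (constructed)
#TCP_PORTS="1,7,9,11"
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,12345,31337,32771"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770"
ADVANCED_PORTS_TCP="1024"
'''
SAMPLE_CHKROOTKIT = "Checking `bindshell'... INFECTED (PORTS:  1524 4369 31337)"


def portsentry_ports(conf_text):
    """Collect ports from active (uncommented) TCP_PORTS / UDP_PORTS lines."""
    ports = {"tcp": set(), "udp": set()}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(TCP|UDP)_PORTS\s*=\s*"([^"]*)"', line)
        if m:
            ports[m.group(1).lower()] |= {
                int(p) for p in m.group(2).split(",") if p.strip().isdigit()
            }
    return ports


def flagged_ports(chkrootkit_output):
    """Extract port numbers from an 'INFECTED (PORTS: ...)' bindshell line."""
    m = re.search(r"INFECTED\s*\(PORTS:\s*([\d\s]+)\)", chkrootkit_output)
    return {int(p) for p in m.group(1).split()} if m else set()


def triage(conf_text, chkrootkit_output):
    """Split flagged ports into PortSentry-configured ports and the rest."""
    cfg = portsentry_ports(conf_text)
    # The bindshell line names no protocol, so compare against both lists.
    bound = cfg["tcp"] | cfg["udp"]
    flagged = flagged_ports(chkrootkit_output)
    return {
        "explained": sorted(flagged & bound),
        "unexplained": sorted(flagged - bound),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_CONF, SAMPLE_CHKROOTKIT)
    print("Listed in portsentry.conf:", result["explained"])
    print("Not listed, investigate first:", result["unexplained"])
```

A port in the first list is only consistent with PortSentry; stopping PortSentry and rerunning chkrootkit, as described in the message, remains the confirmation.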
