in order to avoid/reduce questions about old/unsupported ntop versions, we decided to develop (Burton did that) a version tracking system into ntop.
The first time you start ntop your host queries for the latest avaiable ntop and reports you about this. If you don't like this policy add --skip-version-check to the ntop command line and you'll run without it.
Cheers, Luca
Antoine Martin wrote:
Sorry about that, chkrootkit seemed to think that ntop was a bindshell and because ntop connected to jake.unipi.it, I thought you were using that rootkit.
It isn't really obvious when you download ntop that it will attempt to connect to "jake.unipi.it", I bet I am not the first one to be surprised by this.
Also it is not clear to me why you send all this information about my machine (this is not the kind of thing I would like to have publically available - flying across the net in plain/text): "GET /version.xml HTTP/1.0..Host: version.ntop.org..User-Agent: ntop/3.0+SourceForge+.tgz host/i686-pc-linux-gnu distro/slackware release/9.1. 0 kernrlse/2.6.4-rc2 GCC/3.2.3 config() run() gdbm/1.8.3. gd/2.0.21+ openssl/0.9.7d zlib/1.2.1 access/http interfaces(eth)..Accept: */*...."
Regards Antoine Martin
On Thu, 2004-04-01 at 19:55, Antoine Martin wrote:
Hi,
I noticed a rootkit on my server, would you mind telling me how you got in? (clearly through ntop) but how? I am not aware of any remote exploits in the current ntop.
Regards
Antoine Martin
Nagafix Ltd
-- Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ Hacker: someone who loves to program and enjoys being clever about it - Richard Stallman
_______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
