Hi, I've been looking around on Google and this appears to be a port used for trinoo and DDoS, but I can't figure out or find any tools for detecting these on Linux. Does anyone have any suggestions for how I can verify this, or any suggestions for a good rootkit/anti-virus tool for Linux that can detect these?
Thanks,
__neil

-----Original Message-----
From: OSSEC HIDS [mailto:[EMAIL PROTECTED]
Sent: Friday, February 15, 2008 7:07 AM
To: netops
Subject: OSSEC Notification - blade-gw-01 - Alert level 7

OSSEC HIDS Notification.
2008 Feb 15 07:06:22

Received From: blade-gw-01->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

Port '34555'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat.

--END OF NOTIFICATION
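One way to re-check the alert above by hand, as an added example that is not part of the original post and not OSSEC's own code: test whether the kernel refuses a bind on the port, then see whether `/proc/net/tcp` (the data netstat reads) lists it. The function names and the sample table are constructed for illustration.

```python
import errno
import socket

# Constructed sample in /proc/net/tcp format (not taken from the poster's host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:86FB 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 5678 1 0000000000000000 20 4 30 10 -1
"""

def ports_in_proc(text):
    """Return {local_port: set(state codes)} from /proc/net/tcp style text."""
    ports = {}
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 4 or ":" not in fields[1]:
            continue                            # skip malformed rows
        port = int(fields[1].rsplit(":", 1)[1], 16)
        ports.setdefault(port, set()).add(fields[3])   # 0A=LISTEN, 01=ESTABLISHED
    return ports

def bind_refused(port):
    """True if a TCP bind on the port fails because a socket already uses it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
        except OSError as e:
            return e.errno == errno.EADDRINUSE
    return False

def classify(refused, listed):
    """free: nothing on the port; visible: in use and listed; hidden: in use, not listed."""
    return "free" if not refused else ("visible" if listed else "hidden")

def check(port, paths=("/proc/net/tcp", "/proc/net/tcp6")):
    """Bind-test the port first, then look for it in the kernel's socket tables."""
    refused = bind_refused(port)
    seen = {}
    for path in paths:
        try:
            with open(path) as f:
                for p, states in ports_in_proc(f.read()).items():
                    seen.setdefault(p, set()).update(states)
        except OSError:
            continue                            # e.g. no IPv6 table on this host
    return classify(refused, port in seen), seen.get(port, set())

if __name__ == "__main__":
    print(check(34555))
```

A "visible" result whose only state is `01` on a port inside the range in `/proc/sys/net/ipv4/ip_local_port_range` is what a short-lived outbound connection looks like. A repeatable "hidden" result is the case to follow up with tools run from trusted media, since `/proc` itself is then not showing the socket.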
