[ossec-list] false positive ?

Tue, 19 Oct 2010 07:40:35 -0700 

Hi

I have this level 7 alert fired by #510 rule:

Port '40848'(tcp) hidden. Kernel-level rootkit or trojaned version of
netstat

No over alerts of this level since one month ...

Is this a false positive ? (I hope ... )

Best regards.

Reply via email to