My rkhunter-1.3.4 said that smbd was using Port 2006:

> [03:22:09] Überprüfe auf TCP Port 2006 [ Warnung ]
> [03:22:09] Warnung: Netzwerk TCP Port 2006 wird verwendet by
> /usr/sbin/smbd. Mögliches Rootkit: CB Rootkit or w00tkit Rootkit SSH server

As I read that warning I couldn't see anything listening on port 2006. smbd was only listening on its expected ports. I cannot tell by the checksum if the smbd binary was compromised as I'm using a source distribution (Gentoo). But recompiling produced at least a binary with an equal size.

I have no idea where to look further for the source of this warning. Might it be possible that rkhunter would even alert if somebody talked to my smbd with the source port 2006? Is there anything known about false positives in conjunction with port 2006 or Samba?

Markus Malkusch

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
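
An added example, not part of the original post and not rkhunter's own code: one way to check the source-port question raised above is to classify every TCP socket that involves port 2006 as a listener, a connection on local port 2006, or a connection whose remote peer uses port 2006. The `classify` helper and the sample table are constructed for illustration; the input format is that of `/proc/net/tcp` (IPv4 only).

```python
import socket
import struct
import sys

PORT = 2006        # port named in the rkhunter warning
TCP_LISTEN = 0x0A  # kernel state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not taken from the poster's host):
# two smbd-style listeners on 445 and 139, and one client connected to port 445
# from source port 2006.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 0A01A8C0:01BD 3201A8C0:07D6 01 00000000:00000000 00:00000000 00000000     0        0 11003 1
"""

def _endpoint(field):
    """Decode 'HEXIP:HEXPORT' as printed on a little-endian Linux host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def classify(table, port=PORT):
    """Return (kind, local, remote) for every socket that involves `port`."""
    findings = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        local, remote = _endpoint(cols[1]), _endpoint(cols[2])
        state = int(cols[3], 16)
        if local[1] == port and state == TCP_LISTEN:
            kind = "listening"    # a service is bound to the port
        elif local[1] == port:
            kind = "local-port"   # this host's end of a connection uses it
        elif remote[1] == port:
            kind = "remote-port"  # only the peer's source port matches
        else:
            continue
        findings.append((kind, "%s:%d" % local, "%s:%d" % remote))
    return findings

if __name__ == "__main__":
    # On a live host, pass /proc/net/tcp as the first argument.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for kind, local, remote in classify(text):
        print(kind, local, "<->", remote)
```

A `remote-port` result with no `listening` entry means port 2006 only appears as a peer's source port; the inode column can then be matched against `/proc/<pid>/fd` to confirm which process owns the socket.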