I run into the "hidden ports" issue on a couple of my boxes. My experience has been that after a reboot, the warnings go away for a while, then return. I wish there was a way to determine which program or process was spawning the hidden port.
Dimitri

On Thursday 19 May 2011 11:54:02 am Andy Clyde - OMN Hosting wrote:
> Neither myself nor the data centre remember changing anything
> that might have affected this.
>
> I tried a hard reboot in case that made any difference and that
> has made the warnings go away...
>
> Andy
>
> On 10/05/11 20:21, Yago Jesus wrote:
> > It's so strange to me because when I read Andy I
> > suspected a problem with the netstat regexp in unhide-tcp,
> > but this kind of problem should show many ports, not only
> > one.
> >
> > Did you change something in kernel mode?
> >
> > 2011/5/10 John Horne <john.ho...@plymouth.ac.uk>:
> >> On Tue, 2011-05-10 at 16:55 +0100, Andy Clyde - OMN Hosting wrote:
> >>> On 10/05/11 15:24, unsp...@hushmail.com wrote:
> >>>> On Tue, 10 May 2011 09:51:14 +0200 Andy Clyde - OMN Hosting
> >>>> <andy.cl...@omnhosting.co.uk> wrote:
> >>>>> Any other ideas?
> >>>>
> >>>> Run 'unhide-tcp >/path/to/output.log 2>&1' (at the same
> >>>> time you run RKH?), review the log and attach output?
> >>>
> >>> Unhide 20090810
> >>> http://www.security-projects.com/?Unhide
> >>
> >> Have you tried using the latest version of unhide? The web
> >> site shows it to be dated 2011-01-13. I haven't tried this
> >> version myself, but the later versions offered more options
> >> which may provide more info.
> >>
> >> http://www.unhide-forensics.info/?Download
> >>
> >> John.
> >>
> >> --
> >> John Horne, University of Plymouth, UK
> >> Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
>
> --
> OMN hosting is a trading name of oxfordmusic.net Ltd
> Registered Office: Unit 13 King's Meadow,
> Ferry Hinksey Road, Oxford. OX2 0DP
> 01865 798796
> Company Registration Number: 04265491
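
The cross-check behind a "hidden port" warning, as an added example that is not part of the original thread and is not unhide's or rkhunter's own code: a port counts as hidden when bind() is refused because it is in use, yet the kernel's socket listing does not show it. The sketch reads `/proc/net/tcp` rather than parsing netstat output, repeats the pass so short-lived sockets drop out, and uses hypothetical function names and a constructed sample table.

```python
import errno
import socket
from pathlib import Path

# Constructed sample in /proc/net/tcp format (not data from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 23456 1
   2: 0100007F:D431 0100007F:0CEA 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1
"""

def listed_ports(proc_text):
    """Map local port -> socket inode for every socket row in the text."""
    ports = {}
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue                                   # header or short line
        port = int(fields[1].rsplit(":", 1)[1], 16)    # "0100007F:0CEA" -> 3306
        ports.setdefault(port, int(fields[9]))         # field 9 is the inode
    return ports

def bind_fails(port, host="0.0.0.0"):
    """True if bind() is refused because the port is already in use."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return False
    except OSError as e:
        return e.errno == errno.EADDRINUSE   # EACCES (non-root, port < 1024) is not "in use"
    finally:
        s.close()

def hidden_ports(candidates, read_listing, probe=bind_fails, rechecks=2):
    """Ports in use on every pass yet absent from the listing on every pass.
    A socket that opens or closes between probe and listing fails a later pass."""
    suspects = set(candidates)
    for _ in range(rechecks):
        busy = {p for p in suspects if probe(p)}
        suspects = busy - set(read_listing())    # listing is read after probing
    return suspects

if __name__ == "__main__":
    # IPv6 table too: a listener on [::] can also block an IPv4 bind.
    tables = [p for p in (Path("/proc/net/tcp"), Path("/proc/net/tcp6")) if p.exists()]
    def live():
        return listed_ports("".join(p.read_text() for p in tables))
    print(sorted(hidden_ports(range(1, 65536), live)))
```

For a port that does appear in the listing, the inode returned by `listed_ports` can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the owning process. A port that is absent from the listing has no inode to follow.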