Hi Vincent,

As the developer of Unhide, I will try to help you.

First, to find out whether it is a false positive or not, you can try to bind to these ports using netcat:

    nc -l 900
    nc -l 895

If you can bind nc to these ports, it could probably be a false positive, so in the next mail you can send me (or the list, if you wish to make the information public) the output of

    ifconfig -a

Thanks!

2011/7/27 Vincent McIntyre <vincent.mcint...@gmail.com>:
> Hi
>
> running rkhunter 1.3.8 on Linux.
>
> I'm seeing warnings from unhide (version 20080519), eg
>
> Warning: Hidden ports found:
>          Port number: 45812
>          Port number: 895
>          Port number: 900
>
> and wondering what to do about them.
> Repeated runs of unhide-tcp show that only the last two ports above
> are persistent.
>
> There's not a lot of information to go on in the output above
> and the unhide manpages are ... terse.
>
> tcpdumping while running unhide doesn't show any activity on the ports above.
> It's not even clear which interface unhide is referring to - lo or
> eth0. I'm assuming eth0.
>
> Any advice would be helpful.
> Cheers
> Vince
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
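The bind test suggested in the reply, combined with a look at the kernel's listener table, as an added example (not part of the original thread and not Unhide's own code). The /proc/net/tcp sample is constructed and the function names are hypothetical; ports 895 and 900 are the persistent ones from the report.

```python
import errno
import socket

# Constructed sample in /proc/net/tcp format (not taken from the thread):
# listeners on 0.0.0.0:900 (hex 0384) and 127.0.0.1:25 (hex 0019); st 0A = LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0384 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1
"""

def listening_ports(proc_net_tcp_text):
    """Local TCP ports the kernel reports in LISTEN state."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

def can_bind(port, host="0.0.0.0"):
    """Attempt the same bind that `nc -l PORT` performs; True if it succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return False
            raise  # e.g. EACCES: binding below 1024 normally needs root

def classify(port, bindable, visible):
    """Combine the bind result with the kernel's listener table."""
    if bindable:
        return "free: likely false positive"
    if port in visible:
        return "held by a listed listener"
    return "held but not listed: investigate further"

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:  # IPv4 only; /proc/net/tcp6 has IPv6
        visible = listening_ports(f.read())
    for port in (895, 900):  # the persistent ports from the report
        try:
            print(port, classify(port, can_bind(port), visible))
        except PermissionError:
            print(port, "cannot test: run as root")
```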