On 7/27/11, Yago Jesus <yje...@security-projects.com> wrote:
> Hi Vicent,
>
> As developer of Unhide I will try to help you.
>

My apologies for the delay in responding, it was unavoidable.

Today I had 3 ports reported: 869, 33781, 57151

> First, to discover if it is a false positive or not, you can try to
> bind to these ports using netcat

I tried this and got the same result in each case:
  %  nc -v -l -p 869
  listening on [any] 869 ...
  ^C

I repeated the rkhunter run (--cronjob --report-warnings-only --appendlog)
a few hours later and found only one port: 924.
I ran nc as above on that port and waited for a minute or so. Nothing.

>
> If you can bind nc to these ports, it could probably be a false positive
> so in the next mail you can send me (or to the list if you wish to
> make public the information) the output of
>
> ifconfig -a

I'll send this privately but the gist is eth0 with just a v4 address
and lo with 127.0.0.1.
Nothing fancy.

Cheers
Vince
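
The bind check suggested in this thread, as an added example that is not part of the original mail and is not Unhide or rkhunter code: it tries to bind each reported port several times over TCP and UDP, since the reported ports changed between runs. The function names and the verdict labels are assumptions made for this sketch; ports below 1024 need root to bind.

```python
import errno
import socket
import time

PROTOCOLS = {"tcp": socket.SOCK_STREAM, "udp": socket.SOCK_DGRAM}

def probe_port(port, proto="tcp", host="0.0.0.0"):
    """Try to bind the port once: 'free', 'in-use', 'no-permission' or 'error:<errno>'."""
    sock = socket.socket(socket.AF_INET, PROTOCOLS[proto])
    try:
        sock.bind((host, port))          # no SO_REUSEADDR, so a held port fails
        if proto == "tcp":
            sock.listen(1)
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "no-permission"       # privileged port probed without root
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def recheck(ports, attempts=3, delay=1.0):
    """Probe every port/protocol pair several times; a transient user shows up as mixed results."""
    results = {}
    for port in ports:
        for proto in PROTOCOLS:
            seen = []
            for i in range(attempts):
                seen.append(probe_port(port, proto))
                if i + 1 < attempts:
                    time.sleep(delay)
            results[(port, proto)] = seen
    return results

def verdict(seen):
    """Summarise one port's probe history (labels are this sketch's own)."""
    if seen and all(r == "free" for r in seen):
        return "likely-false-positive"   # bindable every time, as in the nc test
    if "in-use" in seen:
        return "occupied"                # compare against netstat/ss/lsof output
    return "inconclusive"

if __name__ == "__main__":
    # Ports reported in the mail above.
    for key, seen in sorted(recheck([869, 924, 33781, 57151]).items()):
        print(key, seen, verdict(seen))
```
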

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users