If netstat isn't seeing the port, it's very likely that your netstat binary is compromised too.
-----Original Message----- From: Luigi Rosa [mailto:li...@luigirosa.com] Sent: 18 June 2013 16:57 To: rkhunter-users@lists.sourceforge.net Subject: [Rkhunter-users] SSH backdoor non detected by RKH Hi, I have a server (CentOS 6 64, fully updated) with a ssh backdoor on port 6108 The ssh has a different configuration from the standard ssh on port 22 netstat does not list open port, ss does but is not able to get the PID: # ss -lnp | grep 6108 LISTEN 0 20 *:6108 *:* Other means of detect do not show the backdoor. Ciao, luigi -- / +--[Luigi Rosa]-- \ If you push the "extra ice" button on the soft drink vending machine, you won't get any ice. If you push the "no ice" button, you'll get ice, but no cup. ---------------------------------------------------------------------------- -- This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
