On Tue, 18 Jun 2013 17:57:16 +0200
"Luigi Rosa" <li...@luigirosa.com> wrote:

>Hi,
>I have a server (CentOS 6 64, fully updated) with a ssh backdoor on port 6108
>
>The ssh has a different configuration from the standard ssh on port 22

Different how? What's the location of the file(s)?

>
>netstat does not list open port, ss does but is not able to get the PID:
>
># ss -lnp | grep 6108
>LISTEN 0 20 *:6108 *:*

Indeed binaries could have been replaced. What does RKH detect? Please also try 'lsof -Pwlni tcp:6108' or 'fuser -nuv tcp 6108'. Did you verify all packages with 'rpm -Vva 2>&1 | grep -v "^\.\{8\}";'?

>Other means of detect do not show the backdoor.

What *other* means exactly?

unSpawn
---

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
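
Added example (not part of the thread and not rkhunter code): a shell function that sorts the output of the 'rpm -Vva' check suggested above, so that a changed non-config binary such as sshd stands out from routine config edits. The function names and sample lines are constructed for illustration; the function also keeps a capabilities-only change ('........P' on rpm versions that print nine columns), which a filter on eight leading dots drops.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` / `rpm -Vva` output read from stdin.
# Prints "SEVERITY<TAB>flags<TAB>path" for every entry that is not clean.
triage_rpm_verify() {
    awk '
    {
        rest = $0
        sub(/^[^ ]+ +/, "", rest)              # drop the first field
        marker = "-"
        if (rest ~ /^[cdglr] /) {              # c config, d doc, g ghost, l license, r readme
            marker = substr(rest, 1, 1)
            rest = substr(rest, 3)
        }
    }
    $1 == "missing" { print "MISSING\t-\t" rest; next }
    # Flag field: SM5DLUGT, plus P (caPabilities) on rpm versions with 9 columns.
    length($1) < 8 || $1 !~ /^[.?SM5DLUGTP]+$/ { next }
    $1 ~ /^[.]+$/ { next }                      # unchanged; only printed with -v
    {
        sev = "LOW"
        if ($1 ~ /5/ && marker != "c") sev = "HIGH"   # content differs, not a config file
        else if ($1 ~ /[MUGP]/) sev = "MEDIUM"        # mode, owner, group or capabilities
        print sev "\t" $1 "\t" rest
    }'
}

# Constructed sample lines (not taken from the server in this thread).
sample_rpm_verify() {
    cat <<'EOF'
.........    /bin/ls
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/sbin/sshd
........P    /bin/ping
.M.......    /usr/bin/passwd
missing     /usr/bin/lsof
.......T.  d /usr/share/doc/foo/README
EOF
}

sample_rpm_verify | triage_rpm_verify
```

On a host where binaries may have been replaced, feed it output from an rpm binary and database you trust (for example from rescue media), since a tampered rpm can report clean results.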