I presume you run Portsentry on the same machine if you
do than the blindshell INFECTED is nothing to worry about
ITs normal behavior if you run Portsentry and chkrootkit on the same
machine.
If you do not run Portsentry you have a problem..
Bas
--
To UNSUBSCRIBE, email to [EMAIL
* Quoting Bas ([EMAIL PROTECTED]):
If you do not run Portsentry you have a problem..
I disagree.
There could be another process listening at that.
- Rolf
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Alohá!
Noah Meyerhans wrote:
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
Looks like there are a lot of false positives on it.
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual
On Tue, Feb 24, 2004 at 10:37:44AM -0500, Noah Meyerhans wrote:
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
Looks like there are a lot of false positives on it.
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 24 Feb 2004 14:32:26 +0100,
Greg [EMAIL PROTECTED] wrote:
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything seems fine. Can someone help
On Tuesday 24 February 2004 07:53, Greg wrote:
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337ie=UTF-8oe=UTF-8hl=robtnG=Caut%C4%83meta=
Looks like there are a lot of false positives on it.
May be you have installed fakebo?
Billy
]
To: debian-security@lists.debian.org
Sent: Tuesday, February 24, 2004 8:53 AM
Subject: chkrootkit - possible bad news`
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
Looks like there are a lot of false positives on it.
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual rootkit? Questions about its output
Alohá!
Noah Meyerhans wrote:
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
Looks like there are a lot of false positives on it.
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual
On Tue, Feb 24, 2004 at 10:37:44AM -0500, Noah Meyerhans wrote:
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
Looks like there are a lot of false positives on it.
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 24 Feb 2004 14:32:26 +0100,
Greg [EMAIL PROTECTED] wrote:
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything seems fine. Can someone help
On Tuesday 24 February 2004 07:53, Greg wrote:
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337ie=UTF-8oe=UTF-8hl=robtnG=Caut%C4%83meta=
Looks like there are a lot of false positives on it.
May be you have installed fakebo?
Billy
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004 8:53 AM
Subject: chkrootkit - possible bad news`
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how
19 matches
Mail list logo