On 12/4/2009 7:09 PM, unsp...@hushmail.com wrote:
Warning: Network TCP port 2006 is being used by
/usr/sbin/couriertls.
Possible rootkit: CB Rootkit or w00tkit Rootkit SSH server
Netstat -tulnap shows a whole bunch of similar connections open, so
I think this is normal? Question then is why

On Sat, 2009-12-05 at 10:22 -0500, Tanstaafl wrote:
Again - is there anything special about port 2006 that makes rkhunter
single it out?
Yes, it is known to be used by the CB and w00tkit rootkits. That's why
RKH is warning you about it. You can either whitelist the port itself

On 12/5/2009, John Horne (john.ho...@plymouth.ac.uk) wrote:
Again - is there anything special about port 2006 that makes
rkhunter single it out?
Yes, it is known to be used by the CB and w00tkit rootkits. That's
why RKH is warning you about it.
Ah, ok, now that makes sense. Thinking about

On Sat, 2009-12-05 at 12:10 -0500, Tanstaafl wrote:
On 12/5/2009, John Horne (john.ho...@plymouth.ac.uk) wrote:
Again - is there anything special about port 2006 that makes
rkhunter single it out?
Yes, it is known to be used by the CB and w00tkit rootkits. That's
why RKH is warning you

On Sat, 2009-12-05 at 17:45 +, John Horne wrote:
PORT_WHITELIST=couriertls TCP:2006 gpg:7701
Whoops! That is not valid, but was something I was thinking about. It is
not possible to whitelist an application using a specific port.

On 12/5/2009, John Horne (john.ho...@plymouth.ac.uk) wrote:
You can either whitelist the port itself (PORT_WHITELIST=TCP:2006),
or whitelist a particular application to use known bad ports
(PORT_WHITELIST=couriertls).
Ok, after a really bizarre ritual called 'reading the comments', I

On Sat, 2009-12-05 at 13:03 -0500, Tanstaafl wrote:
On 12/5/2009, John Horne (john.ho...@plymouth.ac.uk) wrote:
You can either whitelist the port itself (PORT_WHITELIST=TCP:2006),
or whitelist a particular application to use known bad ports
(PORT_WHITELIST=couriertls).
Ok, after a really

On Fri, 04 Dec 2009 18:57:43 +0100 Tanstaafl
tanstaafl+rkhun...@libertytrek.org wrote:
Warning: Network TCP port 2006 is being used by
/usr/sbin/couriertls.
Possible rootkit: CB Rootkit or w00tkit Rootkit SSH server
Netstat -tulnap shows a whole bunch of similar connections open,
so I
think