Do you get any unusual report with rkhunter? chkrootkit has given me many false positives...I can remember false +'s when portsentry or tiger were running.
On Thu, May 18, 2006 6:17 am, Morgan Walker said: > Hey guys, > > > > Just new to this mailing list, hope you guys can help me out. I was > testing out the chkrootkit package on one of my debian boxes. After > running 'chkrootkit -q' I received the following output: > > > > INFECTED (PORTS: 600) > > > > I looked further into and narrowed down to this. 'netstat -naptu | grep > 600' gave me the following ouput: > > > > udp 0 0 0.0.0.0:600 0.0.0.0:* > 2120/rpc.statd > > > > I have searched around on other mailing lists and forums, but could > never really get a definitive answer. Is this a common message for > chkrootkit, should I be worried? Any help would be great, thanks in > advance. > > > > ~Morgan > > > > Morgan Walker > Systems Administrator/Engineer > M*CAM, Inc. > Omni Business Center > > 210 Ridge-McIntire Rd., Suite 300 > > Charlottesville, VA 22903 > 434.979.7240 x311 > > > > http://www.m-cam.com <http://www.m-cam.com> > ========================================================This message, > including any attachments, is intended solely for the use > of the named recipient(s) and may contain confidential and/or > privileged information. Any unauthorized review, use, disclosure or > distribution of this communication(s) is expressly prohibited. > If you are not the intended recipient, please contact the sender by > reply e-mail and destroy any and all copies of the original message. > Thank you. > ======================================================= > > -- -JM. Estos días azules y este sol de la infancia (Antonio Machado-1939) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
