Re: Checking `bindshell'... INFECTED (PORTS: 3049)

[Sonixxfx]

Yes, and if you can connect something is listening on that port. Press enter a few times to see if you get a message from it then. The netstat command should show you what is listening on that port but rootkits often hide themselves from netstat, ps and such. So if it is open and it doesn't show up whith netstat and such you likely have a rootkit installed on your system. Probably the best way to get rid of the rootkit/hacker is reinstalling your os.

Regards,

Ben

On 9/28/05, George Alexandru Dragoi <[EMAIL PROTECTED]> wrote:

Try telnet-ing to that port


$ telnet localhost 3049

On 9/28/05, Dennis Stosberg < [EMAIL PROTECTED]> wrote:

Am 28.09.2005 um 09:45 schrieb [EMAIL PROTECTED]:

> Good time for all.
>
> I run chkrootkit and it returns :
> ...
> Checking `bindshell'... INFECTED (PORTS:  3049)
> ...
>
> What I need to do ? Links are welcome.

You will probably want to find out, whether your system is infected
or not.  The chkrootkit tool regularly produces false alarms.

Find out, which process has opened that port. "netstat -tulpe" will
show you all processes which listen on a tcp or udp port.  You need
to run this as root.

Regards,
Dennis

--
Send personal mail to [EMAIL PROTECTED] only.  Off-list
mails to [EMAIL PROTECTED] will not reach me.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
Bla bla