* Quoting Bas ([EMAIL PROTECTED]):
> If you do not run Portsentry you have a problem..
I disagree.
There could be another process listening at that.
- Rolf
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I presume you run Portsentry on the same machine if you
do than the blindshell INFECTED is nothing to worry about
ITs normal behavior if you run Portsentry and chkrootkit on the same
machine.
If you do not run Portsentry you have a problem..
Bas
--
To UNSUBSCRIBE, email to [EMAIL PROT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 24 Feb 2004 14:32:26 +0100,
Greg <[EMAIL PROTECTED]> wrote:
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
>
> I am
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 24 Feb 2004 14:32:26 +0100,
Greg <[EMAIL PROTECTED]> wrote:
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
>
> I am
On Tue, Feb 24, 2004 at 10:37:44AM -0500, Noah Meyerhans wrote:
> On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
> >
> > Looks like there are a lot of false positives on it.
> >
>
> It looks like there are a lot of false positives with chkrootkit in
> general. Seriously, has anybody h
Alohá!
Noah Meyerhans wrote:
> On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
>
>> Looks like there are a lot of false positives on it.
>>
>
>
> It looks like there are a lot of false positives with chkrootkit in
> general. Seriously, has anybody here ever had chkrootkit detect an
> a
On Tue, Feb 24, 2004 at 10:37:44AM -0500, Noah Meyerhans wrote:
> On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
> >
> > Looks like there are a lot of false positives on it.
> >
>
> It looks like there are a lot of false positives with chkrootkit in
> general. Seriously, has anybody h
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
>
> Looks like there are a lot of false positives on it.
>
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual rootkit? Questions about its output
Alohá!
Noah Meyerhans wrote:
> On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
>
>> Looks like there are a lot of false positives on it.
>>
>
>
> It looks like there are a lot of false positives with chkrootkit in
> general. Seriously, has anybody here ever had chkrootkit detect an
> ac
On Tue, Feb 24, 2004 at 09:14:05AM +0200, Sneferu wrote:
>
> Looks like there are a lot of false positives on it.
>
It looks like there are a lot of false positives with chkrootkit in
general. Seriously, has anybody here ever had chkrootkit detect an
actual rootkit? Questions about its output
t; <[EMAIL PROTECTED]>
To:
Sent: Tuesday, February 24, 2004 8:53 AM
Subject: chkrootkit - possible bad news`
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (POR
May be you have installed "fakebo"?
Billy
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337&ie=UTF-8&oe=UTF-8&hl=ro&btnG=Caut%C4%83&meta=
Looks like there are a lot of false positives on it
On Tuesday 24 February 2004 07:53, Greg wrote:
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything "seems" fine. Can someone help
t; <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 24, 2004 8:53 AM
Subject: chkrootkit - possible bad news`
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell
May be you have installed "fakebo"?
Billy
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337&ie=UTF-8&oe=UTF-8&hl=ro&btnG=Caut%C4%83&meta=
Looks like there are a lot of false positives on it.
On Tuesday 24 February 2004 07:53, Greg wrote:
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything "seems" fine. Can someone help
20 matches
Mail list logo
