Re: Chkrootkit report

2005-12-27 Thread Dennis Stosberg
Rick Friedman wrote: > I just ran a program called chkrootkit. It reports the following: > > eth0: PACKET SNIFFER(/usr/sbin/pppd[5072]) > > I realize that 5072 is the process id for pppd. But what is the message > actually saying? Is there a problem with pppd?? Or is this normal? A "packet sni

Chkrootkit report

2005-12-27 Thread Rick Friedman
I just ran a program called chkrootkit. It reports the following: eth0: PACKET SNIFFER(/usr/sbin/pppd[5072]) I realize that 5072 is the process id for pppd. But what is the message actually saying? Is there a problem with pppd?? Or is this normal? Rick -- Rick's Law: What cannot be imagined wi

Re: False positive chkrootkit report for rpc.statd process as 'bindshell' exploit

2004-03-26 Thread s. keeling
Incoming from Karsten M. Self: > Going through system mail, I found several chkrootkit runs showing a > possible bindshell exploit: > > Checking `bindshell'... INFECTED (PORTS: 600) > > On checking with 'chkrootkit -x bindshell', turns out that I h

False positive chkrootkit report for rpc.statd process as 'bindshell' exploit

2004-03-26 Thread Karsten M. Self
Going through system mail, I found several chkrootkit runs showing a possible bindshell exploit: Checking `bindshell'... INFECTED (PORTS: 600) On checking with 'chkrootkit -x bindshell', turns out that I had a process open on port 600 UDP: ud