Re: False positive chkrootkit report for rpc.statd process as 'bindshell' exploit

Incoming from Karsten M. Self: > Going through system mail, I found several chkrootkit runs showing a > possible bindshell exploit: > > Checking `bindshell'... INFECTED (PORTS: 600) > > On checking with 'chkrootkit -x bindshell', turns out that I h

False positive chkrootkit report for rpc.statd process as 'bindshell' exploit

Going through system mail, I found several chkrootkit runs showing a possible bindshell exploit: Checking `bindshell'... INFECTED (PORTS: 600) On checking with 'chkrootkit -x bindshell', turns out that I had a process open on port 600 UDP: ud