RE: Hacked too?

To: Igor Balusov <balusov@rambler.ru>
Cc: debian-security@lists.debian.org
Subject: RE: Hacked too?
From: Emmanuel Valliet <emmanuel.valliet@webmotion.com>
Date: Fri, 11 Jan 2002 18:01:46 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.44.0201111758390.6136-100000@arf.sys.lan>
In-reply-to: <[🔎] 3C3F6C0C.AA06360@mb1.rambler.ru>

(2002-01-12) Igor Balusov sed :

 | What is mean:
 | "If you're running PortSentry/klaxon or another program that binds itself to
 | unused ports probably chkrootkit will give you a false positive on the
 | bindshell test (ports .. 31336/tcp, 31337/tcp ...)."?
 | It is from http://www.chkrootkit.org/
 | My PC is really hacked or no? How I can determine it?
 | When I run "netstat -an" I get
 | "udp        0      0 0.0.0.0:31337           0.0.0.0:*"
 | How I can stop this?
 | Billy

fuser -n udp 31337 will give you the PID of the process lsitening on
the port 31337.
The with ps you will be able to discover the process hiding behind.
Otherwise, lsof is too your friend :)

-- 
VALLIET Emmanuel
Webmotion Inc. (-> http://www.webmotion.com <-)
Bored? Drive the speed limit... in your garage.

Reply to:

References:
- RE: Hacked too?
  - From: Igor Balusov <balusov@rambler.ru>

Prev by Date: RE: Hacked too?
Next by Date: RE: Hacked too?
Previous by thread: Re: Hacked too?
Next by thread: RE: Hacked too?
Index(es):
- Date
- Thread