[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Hacked too?

(2002-01-12) Igor Balusov sed :

 | What is mean:
 | "If you're running PortSentry/klaxon or another program that binds itself to
 | unused ports probably chkrootkit will give you a false positive on the
 | bindshell test (ports .. 31336/tcp, 31337/tcp ...)."?
 | It is from http://www.chkrootkit.org/
 | My PC is really hacked or no? How I can determine it?
 | When I run "netstat -an" I get
 | "udp        0      0 *"
 | How I can stop this?
 | Billy

fuser -n udp 31337 will give you the PID of the process lsitening on
the port 31337.
The with ps you will be able to discover the process hiding behind.
Otherwise, lsof is too your friend :)

VALLIET Emmanuel
Webmotion Inc. (-> http://www.webmotion.com <-)
Bored? Drive the speed limit... in your garage.

Reply to: