Re: INFECTED (PORTS: 600)
Do you get any unusual report with rkhunter?
chkrootkit has given me many false positives...I can remember false +'s
when portsentry or tiger were running.
On Thu, May 18, 2006 6:17 am, Morgan Walker said:
> Hey guys,
>
>
>
> Just new to this mailing list, hope you guys can help me out. I was
> testing out the chkrootkit package on one of my debian boxes. After
> running 'chkrootkit -q' I received the following output:
>
>
>
> INFECTED (PORTS: 600)
>
>
>
> I looked further into and narrowed down to this. 'netstat -naptu | grep
> 600' gave me the following ouput:
>
>
>
> udp 0 0 0.0.0.0:600 0.0.0.0:*
> 2120/rpc.statd
>
>
>
> I have searched around on other mailing lists and forums, but could
> never really get a definitive answer. Is this a common message for
> chkrootkit, should I be worried? Any help would be great, thanks in
> advance.
>
>
>
> ~Morgan
>
>
>
> Morgan Walker
> Systems Administrator/Engineer
> M*CAM, Inc.
> Omni Business Center
>
> 210 Ridge-McIntire Rd., Suite 300
>
> Charlottesville, VA 22903
> 434.979.7240 x311
>
>
>
> http://www.m-cam.com <http://www.m-cam.com>
> ========================================================This message,
> including any attachments, is intended solely for the use
> of the named recipient(s) and may contain confidential and/or
> privileged information. Any unauthorized review, use, disclosure or
> distribution of this communication(s) is expressly prohibited.
> If you are not the intended recipient, please contact the sender by
> reply e-mail and destroy any and all copies of the original message.
> Thank you.
> =======================================================
>
>
--
-JM. ?Estos días azules y este sol de la infancia ?(Antonio Machado-1939)
Reply to: