Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
On Sat, 19 Mar 2005 13:30:16 +0100, Vincent Lefevre
<vincent@vinc17.org> wrote:
> When running chkrootkit on some machine, I get:
>
> Checking `bindshell'... INFECTED (PORTS: 600)
Same here, but then on port 4000.
> "netstat -a" says:
>
> udp 0 0 *:600 *:*
>
> "lsof -i:600" says:
>
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> rpc.statd 1696 root 5u IPv4 1909 UDP *:600
On my system:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mlnet 2065 mldonkey 27u IPv4 4827 TCP *:4000 (LISTEN)
... yes, I've got mldonkey running, might be on port 4000, but what's
that got to do with bindshell? Should I worry?
> What's wrong?
Don't know, but would like to know...
--
Matthijs
vanaalten@hotmail.com
Reply to: