Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)

To: debian-user@lists.debian.org
Subject: Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
From: Matthijs <vanaalten@hotmail.com>
Date: Sat, 19 Mar 2005 18:31:03 +0100
Message-id: <[🔎] cboo31dmrd57305jb2brnq2vn682omqpds@4ax.com>
References: <[🔎] 20050319120654.GI3125@ay.vinc17.org>

On Sat, 19 Mar 2005 13:30:16 +0100, Vincent Lefevre
<vincent@vinc17.org> wrote:

> When running chkrootkit on some machine, I get:
> 
> Checking `bindshell'... INFECTED (PORTS:  600)

Same here, but then on port 4000.

> "netstat -a" says:
> 
> udp        0      0 *:600                   *:*                                
> 
> "lsof -i:600" says:
> 
> COMMAND    PID USER   FD   TYPE DEVICE SIZE NODE NAME
> rpc.statd 1696 root    5u  IPv4   1909       UDP *:600 

On my system:
COMMAND  PID     USER   FD   TYPE DEVICE SIZE NODE NAME
mlnet   2065 mldonkey   27u  IPv4   4827       TCP *:4000 (LISTEN)

... yes, I've got mldonkey running, might be on port 4000, but what's
that got to do with bindshell? Should I worry?

> What's wrong?

Don't know, but would like to know...
-- 
Matthijs
vanaalten@hotmail.com

Reply to:

Follow-Ups:
- Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
  - From: Vincent Lefevre <vincent@vinc17.org>

References:
- chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
  - From: Vincent Lefevre <vincent@vinc17.org>

Prev by Date: Re: cron and anacron
Next by Date: Re: Scanner recommendation, please.
Previous by thread: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
Next by thread: Re: chkrootkit: Checking `bindshell'... INFECTED (PORTS: 600)
Index(es):
- Date
- Thread