On Sat, Mar 19, 2005 at 11:37:43PM +0100, Vincent Lefevre wrote: > On 2005-03-19 18:31:03 +0100, Matthijs wrote: > > On Sat, 19 Mar 2005 13:30:16 +0100, Vincent Lefevre > > <vincent@vinc17.org> wrote: > > > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > > > rpc.statd 1696 root 5u IPv4 1909 UDP *:600 > > > > On my system: > > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > > mlnet 2065 mldonkey 27u IPv4 4827 TCP *:4000 (LISTEN) > > > > ... yes, I've got mldonkey running, might be on port 4000, but what's > > that got to do with bindshell? Should I worry? > > In my case, I don't even know why rpc.statd listens on port 600. Nor do I, but I do know that chkrootkit often gives false positives for bindshell. It does on one of my systems due to portsentry. Try cross-checking with rkhunter. -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
Attachment:
signature.asc
Description: Digital signature