Pigeon wrote:
On Sat, Mar 19, 2005 at 11:37:43PM +0100, Vincent Lefevre wrote:On 2005-03-19 18:31:03 +0100, Matthijs wrote:On Sat, 19 Mar 2005 13:30:16 +0100, Vincent Lefevre <vincent@vinc17.org> wrote:COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME rpc.statd 1696 root 5u IPv4 1909 UDP *:600On my system: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME mlnet 2065 mldonkey 27u IPv4 4827 TCP *:4000 (LISTEN) ... yes, I've got mldonkey running, might be on port 4000, but what's that got to do with bindshell? Should I worry?In my case, I don't even know why rpc.statd listens on port 600.Nor do I, but I do know that chkrootkit often gives false positives for bindshell. It does on one of my systems due to portsentry. Try cross-checking with rkhunter.
I think I've read somewhere that mysql also gives false positives for bindshell. Sorry for the private email Pigeon. Thunderbird reply does not reply to group for some reason. -- B. L. Jilek (GPG:52597432) | ICQ: 83785391 bljilek@yahoo.com | Yahoo: bljilek www.topazcrow.com | AOL: brianleejilek -----------------------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature