
Re: Checking `bindshell'... INFECTED (PORTS: 3049)



Yes, and if you can connect, something is listening on that port. Press Enter a few times to see if you get a message from it then. The netstat command should show you what is listening on that port, but rootkits often hide themselves from netstat, ps and such. So if it is open and it doesn't show up with netstat and such, you likely have a rootkit installed on your system. Probably the best way to get rid of the rootkit/hacker is reinstalling your OS.

Regards,

Ben

On 9/28/05, George Alexandru Dragoi <waruiinu@gmail.com> wrote:
Try telnet-ing to that port


$ telnet localhost 3049


On 9/28/05, Dennis Stosberg <lists@stosberg.net> wrote:
On 28.09.2005 at 09:45, deb@nerdshack.com wrote:

> Good time for all.
>
> I run chkrootkit and it returns:
> ...
> Checking `bindshell'... INFECTED (PORTS:  3049)
> ...
>
> What do I need to do? Links are welcome.

You will probably want to find out whether your system is infected
or not.  The chkrootkit tool regularly produces false alarms.

Find out which process has opened that port. "netstat -tulpe" will
show you all processes which listen on a TCP or UDP port.  You need
to run this as root.

Regards,
Dennis

--
Send personal mail to dennis@... only.  Off-list
mails to lists@stosberg.net will not reach me.






--
Bla bla
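
The cross-check discussed in this thread (a port that accepts connections but is missing from the listener table) can be scripted. This is an added example, not code from any of the posters; it assumes a Linux host with the /proc/net/tcp format, and the function names and sample table are constructed for illustration.

```python
import socket

# Constructed sample in /proc/net/tcp format (not from the thread):
# LISTEN sockets on ports 22 and 25, plus one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1305 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1410 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp and tcp6

def listed_listeners(proc_text):
    """Return the set of TCP ports the table reports in LISTEN state."""
    ports = set()
    for line in proc_text.splitlines():
        fields = line.split()
        # Header rows and non-listening sockets fail this state check.
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # hex port after last colon
    return ports

def accepts_connection(port, host="127.0.0.1", timeout=1.0):
    """True if a TCP connect succeeds (the scripted form of the telnet test)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def unlisted_open_ports(candidates, proc_text, probe=accepts_connection):
    """Ports that accept connections but are absent from the listener table."""
    listed = listed_listeners(proc_text)
    return sorted(p for p in candidates if p not in listed and probe(p))

if __name__ == "__main__":
    table = ""
    # tcp6 is read too: a dual-stack listener appears only there.
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                table += f.read()
        except OSError:
            pass
    print(unlisted_open_ports([3049], table))  # port reported by chkrootkit
```

An empty result means the port is either closed or visible in the kernel's table, which points toward a false alarm; a listed port still needs its owning process identified as Dennis describes.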

