From owner-freebsd-security Mon Oct 7 14:14:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF49C37B401 for ; Mon, 7 Oct 2002 14:14:34 -0700 (PDT) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7555C43E4A for ; Mon, 7 Oct 2002 14:14:34 -0700 (PDT) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 0A0A9154D5; Mon, 7 Oct 2002 14:11:25 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 07C88154D3; Mon, 7 Oct 2002 14:11:25 -0700 (PDT) Date: Mon, 7 Oct 2002 14:11:25 -0700 (PDT) From: Mike Hoskins To: Anthony Schneider Cc: Riley , FreeBSD Security Subject: Re: chkrootkit help In-Reply-To: <20021007211539.GA65775@x-anthony.com> Message-ID: <20021007141041.S84008-100000@fubar.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 7 Oct 2002, Anthony Schneider wrote: > > You could try using a trusted sockstat binary to verify what's listening > > on the local system. > > % sockstat -4l > quick aside: sockstat is a perl script, unless this changed with > 4.6.2. Eww, I hadn't noticed. Good point, stick to a safe netsat from cdrom, etc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message