Date: Fri, 28 Mar 2003 04:41:32 -0600
From: "Mike Loiterman" <mike@ascendency.net>
To: <freebsd-security@freebsd.org>
Subject: Bindshell rootkit
Message-ID: <020301c2f516$9ab16d80$0301a8c0@mike>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was just running chkrootkit on my system and it is reporting bindshell as infected on port 114. Other than that message, my system is clean. Tripwire doesn't detect any changes and nothing else (daily run or security report) gave any unusual errors.

The chkroot README says that running PORTSENTRY or klaxon will give a false positive, but I'm running neither. I suspect something (legitimate) else is running. How can I determine for sure? Is my system really compromised?

- ------------------------------
Mike Loiterman
grantADLER Medical Corporation
Ph: 630-302-4944
Fax: 773-868-0071
PGP Key 0xD1B9D18E

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: This message has been digitally signed by Mike Loiterman

iQA/AwUBPoQm22jZbUnRudGOEQLH5gCg9qMRGxjNIDLKcxInyKMESZPf03IAn1hK
Mds09fVPu9eDz6fVQ+WQ6wkN
=Bx9q
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?020301c2f516$9ab16d80$0301a8c0>
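
One way to see which process owns the listener on the flagged port, as an added example that is not part of the original message: it filters `sockstat -4 -l` style output (FreeBSD) for an exact local port. The helper names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which process owns a listening socket on a port,
# reading sockstat-style lines on stdin.
# Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# listeners_on_port PORT  (hypothetical helper name)
listeners_on_port() {
    awk -v port="$1" '
        NR == 1 && $1 == "USER" { next }   # skip the header row
        NF >= 6 {
            n = split($6, a, ":")          # the port follows the last colon
            if (a[n] == port)              # exact match, so 1140 is not 114
                printf "%s %s %s %s %s\n", $1, $2, $3, $5, $6
        }
    '
}

# Constructed sample input, not taken from the system in the message.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       301   3  tcp4   *:22                  *:*
root     inetd      412   5  tcp4   *:114                 *:*
root     sendmail   423   4  tcp4   127.0.0.1:25          *:*
www      httpd      530   16 tcp4   192.168.1.3:1140      *:*
EOF
}

# On a live FreeBSD host: sockstat -4 -l | listeners_on_port 114
sample_sockstat | listeners_on_port 114
```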
