Date: Fri, 28 Mar 2003 04:41:32 -0600 From: "Mike Loiterman" <mike@ascendency.net> To: <freebsd-security@freebsd.org> Subject: Bindshell rootkit Message-ID: <020301c2f516$9ab16d80$0301a8c0@mike>
next in thread | raw e-mail | index | archive | help
=20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was just running chkrootkit on my system and it is reporting bindshell = as infected on port 114. Other then that message, my system is clean. Tripwire doesn't detect = and changes and nothing else (daily run or secuirty reporr) gave any = unusal errors. The chkroot README says that running PORTSENTRY or klaxon will give a = false positive, but I'm running neither. I suspect something = (legitimate) else is running. How can I determine for sure? Is my = system really compromised? - ------------------------------ Mike Loiterman grantADLER Medical Corporation Ph: 630-302-4944 Fax: 773-868-0071 PGP Key 0xD1B9D18E=20 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: This message has been digitally signed by Mike Loiterman iQA/AwUBPoQm22jZbUnRudGOEQLH5gCg9qMRGxjNIDLKcxInyKMESZPf03IAn1hK Mds09fVPu9eDz6fVQ+WQ6wkN =3DBx9q -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?020301c2f516$9ab16d80$0301a8c0>