Re: [cobalt-users] Chkrootkit & Bindshell
- Subject: Re: [cobalt-users] Chkrootkit & Bindshell
- From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
- Date: Wed Mar 21 17:19:43 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Leonard,
> I have just installed Chkrootkit 0-.23 for the first time.
> Compiled it and tried to run it as per TFM and could run it. Had to CHMOD it
> after doing a crazy thing whilst root
>
> chmod 777 * in /root aargh
That shouldn't be necessary at all.
> Anyway I got one bad entry
>
> Checking `bindshell'... INFECTED (PORTS: 31337)
It's most likely portsentry:
fuser 31337/tcp (this will give you a pid)
ps -f --pid pidfromabove
Regards,
Jonathan Michaelson
Commercial Perl CGI Scripting
Cobalt RaQ Software Installation Services
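
The same lookup that fuser and ps perform in the reply above, written out against /proc as an added example (it is not part of the original message): it finds the LISTEN socket on the flagged port and maps its inode to the owning PID, so a hit on 31337 can be attributed to portsentry or to something unexpected. The function names and the sample table are constructed for illustration, and a Linux /proc filesystem is assumed.

```shell
#!/bin/sh
# Added example (Linux, /proc-based): which process owns a listening TCP port?
# IPv4 only; repeat against /proc/net/tcp6 for IPv6 listeners.

# listen_inodes PORT [FILE]: print the socket inode of every LISTEN-state
# (st == 0A) entry on PORT. FILE is /proc/net/tcp-format text, "-" = stdin.
listen_inodes() {
    port_hex=$(printf '%04X' "$1")
    awk -v p="$port_hex" '
        NR > 1 {
            n = split($2, a, ":")      # local_address is HEXIP:HEXPORT
            if (toupper(a[n]) == p && $4 == "0A") print $10
        }' "${2:-/proc/net/tcp}"
}

# pids_for_inode INODE: print PIDs holding socket:[INODE] open.
# Run as root, otherwise other users' fd directories are unreadable.
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -u
}

# who_listens PORT: show the owning process(es), as fuser + ps would.
who_listens() {
    for inode in $(listen_inodes "$1"); do
        for pid in $(pids_for_inode "$inode"); do
            ps -f --pid "$pid"
        done
    done
}

# Constructed sample in /proc/net/tcp layout: a listener on 31337, a listener
# on 22, and an established (st 01) connection that must not be reported.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111
   2: 0100007F:7A69 0100007F:8123 01 00000000:00000000 00:00000000 00000000     0        0 5555
EOF
}

if [ $# -gt 0 ]; then who_listens "$1"; fi
```

Run it as root with the port chkrootkit reported, for example `sh who_listens.sh 31337` (the script file name is an assumption).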