[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

portsentry & chkrootkit (Was: Re: [cobalt-users] Chkrootkit query)

Subject: portsentry & chkrootkit (Was: Re: [cobalt-users] Chkrootkit query)
From: "Nico Meijer" <cobalt-users@xxxxxxxxxxxxxxx>
Date: Wed Apr 4 02:22:05 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi Revd,

Do you have portsentry installed?

> Anyway I got one bad entry
> Checking `bindshell'... INFECTED (PORTS:  31337)
>
> I had already installed the BIND update from Cobalt
>
> What should I now do ?

Disable portsentry on this port. I had the same thing on a testmachine I
installed portsentry on.
I suggest you head on over to portsentry.conf, backup the lines you are
about to edit and delete all references to 31337 from those lines.

After that, or even better before that, add a rule to your ipchains firewall
and deny (and log) all traffic to port 31337.

Have a safe one... Nico

References:
- [cobalt-users] Chkrootkit query
  - From: Revd Leonard Payne

Prev by Date: Re: Portscans/IP list (Was: Re: [cobalt-users] PortSentry works !)
Next by Date: Re: [cobalt-users] Re: Raq2- frontpage 2000.. and weak connection
Previous by thread: [cobalt-users] Chkrootkit query
Next by thread: [cobalt-users] Webalizer Version 2 pkg

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index