RE: [cobalt-users] bindshell infected.
- Subject: RE: [cobalt-users] bindshell infected.
- From: "Curtis Ross" <Curtis_Ross@xxxxxx>
- Date: Fri Apr 6 00:11:38 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: johnson@xxxxxxxxxxx@CPR [mailto:IMCEANOTES-johnson+40sgemail+2Enet+40CPR@xxxxxx]
> Sent: Thursday, April 05, 2001 10:47 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] bindshell infected.
>
>
> Hi everyone,
>
> I ran chkrootkit today and it tells me that my bindshell was infected. It
> doesn't show which port though. All patches had been updated for quite some
> time. Any solutions? Has anyone tried installing BIND version 9 on Cobalt
> successfully?
>
> Regards
> Johnson
>

Are you running PortSentry? From the chkrootkit website:

I'm running PortSentry/klaxon. What's wrong with the bindshell test?

If you're running PortSentry/klaxon or another program that binds itself
to unused ports probably chkrootkit will give you a false positive on
the bindshell test (ports 114/tcp, 465/tcp, 1008/tcp, 31336/tcp,
31337/tcp, 511/tcp, 47017/tcp, 27374/tcp, 47889/tcp).

Curtis Ross
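
One way to triage the false positive described in the reply above, as an added example that is not part of the original thread or of chkrootkit: list which of the quoted ports are in LISTEN state and which process owns each socket, so a PortSentry listener can be told apart from an unknown one. It assumes a Linux host with `/proc/net/tcp` and `/proc/<pid>/comm`; the sample table and inode numbers are constructed.

```python
import glob
import os

# Ports named in the chkrootkit FAQ text quoted in the reply.
BINDSHELL_PORTS = {114, 465, 511, 1008, 27374, 31336, 31337, 47017, 47889}

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0072 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100007F:01D1 0100007F:8000 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

def flagged_listeners(proc_net_tcp_text):
    """Return {port: socket inode} for LISTEN sockets on the flagged ports."""
    hits = {}
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":               # 0A = TCP_LISTEN
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)        # local port is hex
        if port in BINDSHELL_PORTS:
            hits[port] = int(f[9])                    # field 9 = socket inode
    return hits

def owners(inodes):
    """Map socket inode -> (pid, command) by walking /proc/<pid>/fd (run as root)."""
    found = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
            if target.startswith("socket:[") and int(target[8:-1]) in inodes:
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as c:
                    found[int(target[8:-1])] = (int(pid), c.read().strip())
        except OSError:                               # process exited or no access
            continue
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        hits = flagged_listeners(fh.read())
    who = owners(set(hits.values()))
    for port, inode in sorted(hits.items()):
        print(port, who.get(inode, "owner not found: investigate"))
```

Only IPv4 TCP is read here; listeners bound on IPv6 appear in `/proc/net/tcp6`, which uses the same column layout.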