[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Bindshell Infected

Subject: [cobalt-users] Bindshell Infected
From: "Tom Dupre" <dupre@xxxxxxxxxxxxxx>
Date: Tue May 22 18:07:06 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I've found quite a few reports of:
Checking `bindshell'... INFECTED
when running chkrootkit

I understand this appears if you're running Portsentry.  I don't have
Portsenty installed.  Does this mean I've definitely been hacked or can the
message be erroneous in other circumstances?

I have a RaQ4r with all patches appliced.  SSH is used to access the machine
(telnet is switched off). My ISP has not noticed any signs that the machine
has been hacked; if they detect port-scanning etc. from hacked machines they
switch them off.

I would be grateful for any help.

Tom Dupre

Follow-Ups:
- Re: [cobalt-users] Bindshell Infected
  - From: Carrie Bartkowiak

References:
- Re: [cobalt-users] Adding ssh user
  - From: Hendrik Runte

Prev by Date: Re: [cobalt-users] Raq 2 info
Next by Date: Re: [cobalt-users] Normal CPU Temperature?
Previous by thread: Re: [cobalt-users] Adding ssh user
Next by thread: Re: [cobalt-users] Bindshell Infected

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index