
Re: [cobalt-users] Chkrootkit - possible slapper worm



> You can get a false positive if you're running a RADIUS server that
> binds to all IP addresses.

No. Not running RADIUS.

> Take a look at the chkrootkit source, especially
>
> >    SLAPPER_PORT="0.0:2002 0.0|:4156 0.0|:1978 |0.0:1812 |0.0:2015 "
>
> Are you running anything on those ports?
>

No. Checked that and nothing on these ports (at least not via netstat -an).
Funnily enough, I deleted some files from /tmp and the warning went away
(not straightaway but overnight). I am running RealServer which does use
some funny ports but none of the ones listed above.
Is it safe to assume that it was a false positive?

andy
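
Added example, not part of the original message and not chkrootkit's own code: a column-aware check that lists which sockets in `netstat -an` output are bound to a wildcard address on the ports from the quoted SLAPPER_PORT line, so a warning can be traced to one specific socket. The function names and the sample output are constructed, and the Linux net-tools column layout (local address in column 4) is an assumption.

```shell
#!/bin/sh
# Ports taken from the SLAPPER_PORT line quoted in the thread.
PORTS="2002 4156 1978 1812 2015"

# Read `netstat -an` style output on stdin and print "proto local-address port"
# for each tcp/udp socket whose LOCAL address ends in 0.0 (IPv4 wildcard bind)
# and whose local port is in PORTS. The foreign-address column is ignored.
slapper_port_hits() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            laddr = $4                       # assumed column layout
            k = split(laddr, parts, ":")
            port = parts[k]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if ((port in want) && addr ~ /0\.0$/) print $1, laddr, port
        }'
}

# Constructed sample output (not taken from the poster's machine).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7070            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 192.168.1.10:2002       0.0.0.0:*
tcp        0      0 10.0.0.5:22             10.0.0.9:2002           ESTABLISHED
EOF
}

# Only the wildcard-bound udp socket on 1812 (the RADIUS port) is reported.
sample_netstat | slapper_port_hits
```

On a live host, pipe `netstat -an` into `slapper_port_hits`; an empty result means no wildcard-bound socket on the listed ports at that moment.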