[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] bindshell INFECTED PORTS 1524 31337

Subject: [cobalt-security] bindshell INFECTED PORTS 1524 31337
From: "Paulos Putremos" <putremos@xxxxxxxxxxxxxx>
Date: Wed, 19 Sep 2001 04:34:47 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

can anyone tell me what going on here, i'm kinda worried :(

just ran the chkrootkit and it warns me:#

Checking `bindshell'... INFECTED (PORTS:  1524 31337)

I checked through Portsentry/Logcheck reports and came across:

Sep 17 19:32:55 server portsentry[5423]: attackalert: Connect from host: 62-36-148-15.dialup.uni2.es/62.36.148.15 to UDP port: 31337
Sep 17 19:32:55 server portsentry[5423]: attackalert: Ignoring UDP response per configuration file setting.

I'm a bit stumped, how do I figure out if its a false alarm or whether i have been comprimised (has anyone heard of exploits using those ports). I guess its been ignored because 31337 is not in my list of ports to monitor.

Any feedback is much appreciated

Paul Milne
Digit Limited



------------------------------------------------------------
Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com
AntiOnline - The Internet's Information Security Super Center!

Prev by Date: Re: [cobalt-security] urgent question
Next by Date: [cobalt-security] [RaQ3] Portsentry - Can someone see where I'm going wrong :<
Previous by thread: RE: [cobalt-security] NIMBA VIRUS
Next by thread: RE: [cobalt-security] bindshell INFECTED PORTS 1524 31337

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index