[cobalt-security] bindshell INFECTED PORTS 1524 31337
- From: "Paulos Putremos" <putremos@xxxxxxxxxxxxxx>
- Date: Wed, 19 Sep 2001 04:34:47 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Can anyone tell me what's going on here? I'm kinda worried :(
I just ran chkrootkit and it warns me:
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I checked through Portsentry/Logcheck reports and came across:
Sep 17 19:32:55 server portsentry[5423]: attackalert: Connect from host: 62-36-148-15.dialup.uni2.es/62.36.148.15 to UDP port: 31337
Sep 17 19:32:55 server portsentry[5423]: attackalert: Ignoring UDP response per configuration file setting.
I'm a bit stumped. How do I figure out if it's a false alarm or whether I have been compromised? (Has anyone heard of exploits using those ports?) I guess it's been ignored because 31337 is not in my list of ports to monitor.
Any feedback is much appreciated.
Paul Milne
Digit Limited
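
One way to approach the question in the message above, as an added example that is not part of the original post: map each port chkrootkit flagged to the process that holds it. The `netstat -nlp` sample is constructed, and treating `portsentry` as an expected owner is an assumption (PortSentry binds the ports it monitors, a known cause of this chkrootkit warning).

```python
import re

# Constructed sample of `netstat -nlp` output (Linux net-tools layout); not from the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:1524            0.0.0.0:*               LISTEN      5420/portsentry
udp        0      0 0.0.0.0:31337           0.0.0.0:*                           5423/portsentry
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      -
"""

FLAGGED = {1524, 31337}      # ports named in the chkrootkit warning
EXPECTED = {"portsentry"}    # assumption: daemons deliberately bound to those ports

def listeners(netstat_text):
    """Yield (proto, port, pid, program) for each listening TCP / bound UDP socket."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue                      # header or unrelated line
        if f[0].startswith("tcp") and f[5] != "LISTEN":
            continue                      # UDP rows have no State column
        port = int(f[3].rsplit(":", 1)[1])
        # Owner column is "PID/name", or "-" when netstat cannot resolve it.
        owner = next((t for t in f[5:] if re.match(r"\d+/", t)), "-")
        m = re.match(r"(\d+)/(\S+)", owner)
        pid, prog = (int(m.group(1)), m.group(2)) if m else (None, None)
        yield f[0], port, pid, prog

def triage(netstat_text, flagged=FLAGGED, expected=EXPECTED):
    """Split flagged listeners into explained ones and ones needing investigation."""
    explained, suspicious = [], []
    for proto, port, pid, prog in listeners(netstat_text):
        if port not in flagged:
            continue
        bucket = explained if prog in expected else suspicious
        bucket.append((proto, port, pid, prog))
    return explained, suspicious

if __name__ == "__main__":
    ok, bad = triage(SAMPLE)
    for row in ok:
        print("explained  :", row)
    for row in bad:
        print("INVESTIGATE:", row)
```

A matching process name is only a lead, since names can be spoofed and `netstat` itself can be replaced on a compromised host; confirm the binary behind the PID and compare against a scan from another machine.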