[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)

Subject: SV: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)
From: "Kai r. s., euroweb as" <kai@xxxxxxxxxx>
Date: Mon, 10 Dec 2001 23:55:10 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,
I do run Portsentry on this server but have done that for a long time, and
never got that message before when running Chkrootkit.If this is Portsentery
it should have been giving that messagelong time ago at once it was
innstalled? And Chrootkit allso point out port 1524. But i tell you all what
i find when finishing the metod i got from Michael.

Kai



> Emne: Re: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)
>
>
> Hi Brian,
>
> > Port 31337 is likely just a false positive from Portsentry
>
> I'm not so sure. When Chkrootkit says "bindshell", then this info
> is pretty
> accurate. Chkrootkit never complains about Portsentry.
>
> However, port 31337 is usually associated with Back Orifice which will of
> course not run on a Linux box.
>
> --
>
> With best regards,
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

References:
- Re: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)
Next by Date: [cobalt-security] DNS advise.
Previous by thread: Re: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)
Next by thread: Re: [cobalt-security] bindshell'... INFECTED (PORTS: 1524 31337)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index