[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Chkrootkit
- Subject: Re: [cobalt-security] Chkrootkit
- From: "David Black" <DavidBlack@xxxxxxxxxxxxxxx>
- Date: Sat, 3 Aug 2002 15:07:11 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I think that's fairly common (for RaQs to show
'bindshell', as being infected). I believe it has
something to do with active monitor.
:D
--
David Black
http://theWaveCave.com
Web Site design, hosting, and programming
Custom multimedia, animation and graphics
---------- Original Message -----------
From: "Keith Medhurst" <keith@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sat, 3 Aug 2002 21:00:16 +0100
Subject: [cobalt-security] Chkrootkit
> Hello,
>
> Hope this is the right place to mention this. I've just been running the
> latest chkrootkit (.36?) and it gives the following message..
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
>
> I cant seem to find anything on these ports using 'netstat' - Anyone with
> any ideas, or what a bindshell is for it to become infected?
>
> Thanks in advance,
>
> Keith Medhurst
> Gridstar Networking Int.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
------- End of Original Message -------