Bindshell rootkit

Mike Loiterman mike at ascendency.net
Sun Mar 30 10:14:57 PST 2003


 

I was just running chkrootkit on my system and it is reporting bindshell as infected on port 114.

Other than that message, my system is clean.  Tripwire doesn't detect any changes and nothing else (daily run or security report) gave any unusual errors.

The chkroot README says that running PORTSENTRY or klaxon will give a false positive, but I'm running neither.  I suspect something (legitimate) else is running.  How can I determine for sure?  Is my system really compromised?

- ------------------------------
Mike Loiterman
grantADLER Medical Corporation
Ph:  630-302-4944
Fax:  773-868-0071
PGP Key 0xD1B9D18E 



