Article 8385 at 06/12/29 19:59:08 From: will (at mark) willspc.net Subject: [coba-e:08385] System hacked?!?!?

Index: [Article Count Order] [Thread]

Date:  Fri, 29 Dec 2006 05:58:56 -0500
From:  "Will Nordmeyer" <will (at mark) willspc.net>
Subject:  [coba-e:08385] System hacked?!?!?
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <002401c72b38$56fdb920$6600a8c0 (at mark) hundredacrewood.willspc.net>
X-Mail-Count: 08385

This morning's chkrootkit output is declaring that bindshell is infected.
ports 465, 1524 & 31337.  When I do a netstat -tanup and grep for those
ports, I see sendmail using 465 and portsentry using 1524 & 31337.

Am I getting a false positive?  What else can I check?

I'm installing rootkithunter as we speak.

--Will

	8385_2.html (attatchment)(tag is disabled)