Article 8418 at 06/12/30 09:32:13 From: arturs (at mark) netvision.net.il Subject: [coba-e:08418] Re: System hacked?!?!?

Index: [Article Count Order] [Thread]

Date:  Sat, 30 Dec 2006 02:03:39 +0200
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:08418] Re: System hacked?!?!?
To:  coba-e (at mark) bluequartz.org
Message-Id:  <016701c72ba5$f9b2a0a0$3701a8c0@lapxp>
In-Reply-To:  <005701c72b97$908c2c30$6600a8c0 (at mark) hundredacrewood.willspc.net>
X-Mail-Count: 08418

> Services on:
> Email Servers  

What kind of mail serives are in which position?

> Simple Network Management Protocol (SNMP) Server  

Do you have SNMP on? For what purpose? If you can then you better have it
off.

> Can I just chalk it up to false positives from chkrootkit?
> 
> --Will

Looks legitimate to me.
You could play around with 'netstat' - it can show which app is listenning.

If further check shows OK, then I would count it FP from chkrootkit.
Btw, are you up to latest version?

Best,

--
Arthur Sherman

+972-52-4878851
CPTeam