Article 8425 at 06/12/31 02:02:26 From: arturs (at mark) netvision.net.il Subject: [coba-e:08425] Re: System hacked?!?!?

Index: [Article Count Order] [Thread]

Date:  Sat, 30 Dec 2006 18:36:15 +0200
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:08425] Re: System hacked?!?!?
To:  coba-e (at mark) bluequartz.org
Message-Id:  <018c01c72c30$a0117720$3701a8c0@lapxp>
In-Reply-To:  <00ce01c72c12$2c51a490$6600a8c0 (at mark) hundredacrewood.willspc.net>
X-Mail-Count: 08425

> I've considered doing that... BUT...  the current netstat 
> indicates the
> ports are in use by sendmail & PortSentry.  When I shutdown 
> portsentry &
> sendmail and then run chkrootkit again (have now upgraded to 
> V0.47) it shows
> no bindshell issues.
> 
> I also installed rkhunter-1.2.8 yesterday and, while it 
> doesn't recognize my
> OS (and didn't run MD5 checks)... it finds no evidence of any 
> rootkits.
> 
> --Will

Seems to be FP from older version of chkrootkit.

Best,

--
Arthur Sherman

+972-52-4878851
CPTeam