Michael Loftis wrote: > > > --On May 18, 2006 9:17:09 AM -0400 Morgan Walker <[EMAIL PROTECTED]> wrote: > >> >> >> Hey guys, >> >> >> >> Just new to this mailing list, hope you guys can help me out. I was >> testing out the chkrootkit package on one of my debian boxes. After >> running 'chkrootkit --q' I received the following output: > > Use lsof and ps to find out who's running that proc and where from. If > root isn't running it then someone has a hacked binary that's trying > to hide, if root is, and lsof indicates it's not /sbin/rpc.statd then > you're owned. It's kind of unusual for statd to show up on such a low > port but not totally unheard of.
Indeed, root has to be running it. It looks like a privileged port to me. Vincent Deffontaines -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]