Maybe it's my paranoia, but I've been adding a few tools to my system
recently, and I've had a small panic as a result.

Using chkrootkit:

Checking `lkm'... You have     1 process hidden for ps command
Warning: Possible LKM Trojan installed

Should I panic and if so, how much?

Also, `nmap -sS -p 1-65535 127.0.0.1` says:
8000/tcp        open    unknown
8200/tcp        open    unknown
10000/tcp       open    unknown

and `nmap -sS -P0 -p 1-65535 <my ppp0 ipaddress>` says:
All 65535 scanned ports on (...) are: filtered

Is that a good sign? Has nmap been fooled by an LKM? Have I wasted time
chasing my tail?

What is the best strategy for dealing with an LKM kit? Reinstall Linux
from CD or try to remove it?
