Hi,
Well, I am running debian woody and have disabled ftp, etc. I have
installed chkrootkit on my system and regularly run it see whether
anything is amiss. Just now, I found this:
....
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0 is not promisc
Checking `wted'... nothing deleted
Checking `z2'...
nothing deleted
I am surprised about bindshell. I do not have such a program on my
system. Can somebody give some information on this so that I can
block/secure my system?
Regards,
--
Sridhar M.A. mas at uomphysics dot net
So much
depends
upon
a red
wheel
barrow
glazed with
rain
water
beside
the white
chickens.
-- William Carlos Williams, "The Red Wheel Barrow"
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
