[ossec-list] ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

Peter M. Abraham Mon, 27 Aug 2007 07:13:51 -0700

Greetings:

I ran ossec-rootcheck manually on a server, and it found the
following:


[FAILED]: Port '32836'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

[FAILED]: Port '32887'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

[FAILED]: Port '32888'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

[FAILED]: Port '32889'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

[FAILED]: Port '33430'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

How can I verify if this is a false positive or not?

Thank you.

[ossec-list] ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

Reply via email to