[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

Peter M. Abraham Thu, 06 Sep 2007 18:07:28 -0700

Greetings Steve:

I finally got around to installing the latest nmap and checking nmap.


PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        ProFTPD 1.3.0a
22/tcp   open  ssh        OpenSSH 3.6.1p2 (protocol 2.0)
25/tcp   open  smtp       qmail smtpd
53/tcp   open  domain
80/tcp   open  http       Apache httpd
110/tcp  open  pop3       qmail pop3d
143/tcp  open  imap       Courier Imapd (released 2005)
443/tcp  open  http       Apache httpd
587/tcp  open  smtp       qmail smtpd
953/tcp  open  rndc?
3306/tcp open  mysql      MySQL 5.0.45-community-log
5001/tcp open  apc-agent  APC PowerChute agent
5432/tcp open  postgresql PostgreSQL DB
8009/tcp open  ajp13?
8080/tcp open  http       Apache httpd
8443/tcp open  http       Apache httpd

Yet, ossec-rootcheck shows

[FAILED]: Port '40773'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

Thank you.

[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?

Reply via email to