-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 27 January 2002 04:29 am, Mike Burger wrote: > I run "chkrootkit" on my system, nightly, to try to ensure that > nobody's found a way behind my firewall and hacked in. > > This morning, while perusing my nightly logs and messages, chkrootkit > came up with a positive hit in its BINDSHELL tests, telling me that > something was listening on port 1008. > > This, of course, did not happen, yesterday. > > The only real change is that I ran up2date, and downloaded the latest > XFree86 packages, bringing them to .eve. 4.1.0-15.
Hi Mike, You could try 'netstat -anp | grep 1008' which should show the process responsible. You have to be root to see all the processes. You might try '/usr/sbin/lsof | grep 1008' as well. For what it is worth, I have the latest updates here as well, and nothing listening on that port. # rpm -q XFree86 XFree86-4.1.0-15 # netstat -anp | grep 1008 Hope that helps, - -D - -- pgp key: http://www.tuxfan.homeip.net:8080/pgpkey.txt - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8VBa6eMAUbzJhSVcRAqkVAJ9Ryu8L7078ljuvyHQKJboVsvAraQCgmqdQ zw+gx3k4SIgrXLipNkk+xQ0= =nrss -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
