31337 - are your runing portsentry on that machine ?
Quote from the www.chkrootkit.org site:
I'm running PortSentry/klaxon. What's wrong with the bindshell test?
If you're running PortSentry/klaxon or another program that binds itself
to unused ports probably chkrootkit will give you a false posit
May be you have installed "fakebo"?
Billy
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
You might not be hacked after all.
Read this: http://www.webhostgear.com/25.html
Also some googling might help ;-)
http://www.google.ro/search?q=%27bindshell%27...+INFECTED+%28PORTS%3A++1524+31337&ie=UTF-8&oe=UTF-8&hl=ro&btnG=Caut%C4%83&meta=
Looks like there are a lot of false positives on it.
On Tuesday 24 February 2004 07:53, Greg wrote:
> I am running Debian on a Dec Alpha PC164.
>
> I decided to run chkrootkit and was surprised by the following line.
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Try a nmap port scan from the outside to your ip address. If those ports are
I am running Debian on a Dec Alpha PC164.
I decided to run chkrootkit and was surprised by the following line.
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
I am not sure how no interpret this. I have checked logs, as well as binary
checks and everything "seems" fine. Can someone help
On Fri, Feb 20, 2004 at 09:56:12AM +0100, Dariush Pietrzak wrote:
> > 2.2 series of kernels, sincee they're apparently vulnerable too?
> You can find the patch on bugtraq/isec/etc, attached is a peek at it
Don't use this one! This one produces kernel panics after a few hours on
my systems. I sugge
On Fri, Feb 20, 2004 at 09:56:12AM +0100, Dariush Pietrzak wrote:
> > 2.2 series of kernels, sincee they're apparently vulnerable too?
> You can find the patch on bugtraq/isec/etc, attached is a peek at it
Don't use this one! This one produces kernel panics after a few hours on
my systems. I sugge
On Mon, Feb 23, 2004 at 12:01:02PM +0100, Xavier Poinsard wrote:
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
The security team doesn't update pr
> samhain (in unstable, should be easy to backport) which has some
> interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E
Hi all,
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
Thanks.
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
> Greetings,
>
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
> I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's v
On Mon, Feb 23, 2004 at 12:01:02PM +0100, Xavier Poinsard wrote:
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
The security team doesn't update propo
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a
read only coda mount (you can't mount it rw unless you know the coda password),
and its really fast and reliable. So my vote is Integrit, btw you should check
all of them and then make a decision for you needs
http://beboy66.info/p3/?id=lgherbs
Q9arrack
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then I searched for
> samhain (in unstable, should be easy to backport) which has some
> interesting features.
And those interesting features should make you cautious before you deploy
samhain in production environment. I find it rather intrusive.
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E
I have used AIDE (Advanced Intrusion Detection Environment) both in production
use and when I've been an instructor on unix security courses I've made the
students learn to use it, because it's really simple and easy to use. Even
though it's quite simple, I don't see it lacking anything importan
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for tripwire in the woody packages and found integrit and
Hi all,
I suppose the DSA-438 is applying to kernel 2.4.22 images from
woody-proposed-updates which have not been updated.
Is this planned or is it safer not to use images from
woody-proposed-updates ?
Thanks.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troub
On Mon, Feb 23, 2004 at 10:42:05AM +0100, Jan Lühr wrote:
> Greetings,
>
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject o
> I did a survey of intergity checkers. I didn't find bsign then, but
I'd vote against bsign - it modifies original binaries, thus rendering
debian md5 sums useless. ( It would be great if one could get packages with
bsign-signed binaries, signed by DDs or release team ).
I prefer integrit it's v
Hello,
Actually Im using Integrit with Coda. I store the binary and the database on a read
only coda mount (you can't mount it rw unless you know the coda password), and its
really fast and reliable. So my vote is Integrit, btw you should check all of them and
then make a decision for you needs
On Mon, Feb 23, 2004 at 12:46:59AM +0100, Thomas Sj?gren wrote:
> with gcc-3.3 (1:3.3.3ds4-0pre4) the maintainers updated the SSP patch.
That's great news.
> It is not however applied by default.
> I submitted a bug report [1] about this, but the problem is that my
> experience with GCC w. SS
http://beboy66.info/p3/?id=lgherbs
Q9arrack
On Monday, 2004-02-23 at 10:42:05 +0100, Jan Lühr wrote:
> well, I looking for an open source intrusion detection. At first, tripwire
> caputures my attention, but the last open source version seems to be three
> years old - is it still in development or badly vulnerable?
> Then I searched for t
I have used AIDE (Advanced Intrusion Detection Environment) both in production use and
when I've been an instructor on unix security courses I've made the students learn to
use it, because it's really simple and easy to use. Even though it's quite simple, I
don't see it lacking anything importan
Greetings,
well, I looking for an open source intrusion detection. At first, tripwire
caputures my attention, but the last open source version seems to be three
years old - is it still in development or badly vulnerable?
Then I searched for tripwire in the woody packages and found integrit and
On Mon, Feb 23, 2004 at 12:46:59AM +0100, Thomas Sj?gren wrote:
> with gcc-3.3 (1:3.3.3ds4-0pre4) the maintainers updated the SSP patch.
That's great news.
> It is not however applied by default.
> I submitted a bug report [1] about this, but the problem is that my
> experience with GCC w. SS
31 matches
Mail list logo