sec-l...@googlegroups.com] On
> Behalf Of x509v3 Sent: Friday, November 19, 2010 12:08 AM
> To: ossec-list
> Subject: [ossec-list] Anyone seeing false positives like this? : Port
> '60256'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat.
>
> Hi, been r
On Fri, Nov 19, 2010 at 1:07 AM, x509v3 wrote:
> Hi, been running ossec for about a month now, after testing for
> another month. Tonight I received the following from one my production
> machines:
>
> OSSEC HIDS Notification.
> 2010 Nov 18 19:36:56
>
> Received From: (host) 10.1.1.1->rootcheck
>
sec-l...@googlegroups.com] On
Behalf Of x509v3
Sent: Friday, November 19, 2010 12:08 AM
To: ossec-list
Subject: [ossec-list] Anyone seeing false positives like this? : Port
'60256'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat.
Hi, been running ossec for about a month now
lf Of x509v3
Sent: Friday, November 19, 2010 12:08 AM
To: ossec-list
Subject: [ossec-list] Anyone seeing false positives like this? : Port
'60256'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat.
Hi, been running ossec for about a month now, after testing for
another m
Hi, been running ossec for about a month now, after testing for
another month. Tonight I received the following from one my production
machines:
OSSEC HIDS Notification.
2010 Nov 18 19:36:56
Received From: (host) 10.1.1.1->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection even