intrusion detected
Brian Walker
bfwalker at gmail.com
Thu Aug 18 04:15:47 UTC 2005
OK - carrying on from the initial intrusion, and searching the disk, I ran
# /usr/sbin/chkrootkit
and most was negative apart from this:
Checking `bindshell'... INFECTED (PORTS: 1524 31337)
Any ideas on removal and protection? How should I detect who placed it
there?
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050818/dc3dd974/attachment.html>
More information about the ubuntu-users
mailing list