intrusion detected
Brian Walker
bfwalker at gmail.com
Thu Aug 18 05:32:58 UTC 2005
On 8/18/05, Brian Walker <bfwalker at gmail.com> wrote:
>
> OK - carrying on from the initial intrusion, and searching the disk, I ran
>
> # /usr/sbin/chkrootkit
>
> and most was negative apart from this:
>
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
>
> Any ideas on removal and protection? How should I detect who placed it
> there?
>
> Brian
>
And solved - for those who - like me - fail to google before posting: this
seems to be normal procedure for chkrootkit and portsentry. No intrusion
.... but as a matter of interest, once security is taken seriously, on a
single machine, run at work - the time consumed is immense. Thankfully
Ubuntu has hardened the system by default ...
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050818/518ebbb4/attachment.html>
More information about the ubuntu-users
mailing list