intrusion detected

Brian Walker bfwalker at gmail.com
Thu Aug 18 05:32:58 UTC 2005


On 8/18/05, Brian Walker <bfwalker at gmail.com> wrote:
> 
> OK - carrying on from the initial intrusion, and searching the disk, I ran
> 
> # /usr/sbin/chkrootkit
> 
> and most was negative apart from this: 
> 
> Checking `bindshell'... INFECTED (PORTS: 1524 31337)
> 
> Any ideas on removal and protection? How should I detect who placed it 
> there?
> 
> Brian
> 

And solved - for those who - like me - fail to google before posting: this 
seems to be normal procedure for chkrootkit and portsentry. No intrusion 
.... but as a matter of interest, once security is taken seriously, on a 
single machine, run at work - the time consumed is immense. Thankfully 
Ubuntu has hardened the system by default ...

Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050818/518ebbb4/attachment.html>


More information about the ubuntu-users mailing list