chkrootkit false positives

Discussion in 'Technical' started by quark122, Dec 30, 2006.

  1. quark122

    quark122 New Member

    I have chkrootkit and PortSentry installed.

    When I run a chkrootkit (and PortSentry is running), I get bindshell INFECTED errors on ports 465 1524 6667 31337.

    When I check via NetStat, sendmail is on 465 & PortSentry is on 1524, 6667 & 31337.

    If I shut down sendmail & PortSentry... then chkrootkit comes back clean.

    Am I seeing false positives... or should I look deeper?
     
    quark122, Dec 30, 2006
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    falko, Dec 31, 2006
    #2

Share This Page