quark122
30th December 2006, 14:09
I have chkrootkit and PortSentry installed.
When I run a chkrootkit (and PortSentry is running), I get bindshell INFECTED errors on ports 465 1524 6667 31337.
When I check via NetStat, sendmail is on 465 & PortSentry is on 1524, 6667 & 31337.
If I shut down sendmail & PortSentry... then chkrootkit comes back clean.
Am I seeing false positives... or should I look deeper?
When I run a chkrootkit (and PortSentry is running), I get bindshell INFECTED errors on ports 465 1524 6667 31337.
When I check via NetStat, sendmail is on 465 & PortSentry is on 1524, 6667 & 31337.
If I shut down sendmail & PortSentry... then chkrootkit comes back clean.
Am I seeing false positives... or should I look deeper?