[linux-network] `bindshell'... INFECTED (PORTS: 600)

---------

From: Serdar ŞANAL (serdar@istas.com.tr)
Date: Wed 11 Feb 2004 - 02:47:13 EST

  • Next message: Umut: "[linux-network] Re: `bindshell'... INFECTED (PORTS: 600)"

            Greetings;

            When I scanned my system with chkrootkit, I got output like:

    `bindshell'... INFECTED (PORTS: 600)

    When I checked with netstat, I saw that UDP port 600was open.

            Output of lsof -i |grep -i 600:
            rpc.statd 2544 rpcuser 5u IPv4 2384 UDP *:600

    I terminated the process with the kill command and scanned again with
    chkrootkit. It no longer gives the warning message. What should I do from
    here? I would be glad if you could give me some information.

            Thanks.

    Note: Is there also a problem with the lines below?

    Searching for suspicious files and dirs, it may take a while...
    /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
    /usr/lib/httpd/modules/httpd-2.0.48/os/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/test/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/.deps
    /usr/lib/httpd/modules/httpd-2.0.48/.gdbinit
    /usr/lib/httpd/modules/httpd-2.0.48/support/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/aaa/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/echo/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/http/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/test/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/metadata/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/cache/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/proxy/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/mappers/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/loggers/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/filters/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/experimental/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/modules/generators/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/server/.indent.pro
    /usr/lib/httpd/modules/httpd-2.0.48/include/.indent.pro
    /usr/lib/openoffice/share/gnome/net/.directory
    /usr/lib/openoffice/share/gnome/net/.order
    /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.directory
    /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.order
    /usr/lib/qt-3.1/etc/settings/.qtrc.lock
    /usr/lib/qt-3.1/etc/settings/.qt_plugins_3.1rc.lock

    Checking `sniffer'... eth0: PF_PACKET(/usr/sbin/dhcpd)

    Checking `z2'... nothing deleted

    Note: This e-mail has been scanned for viruses by the Istas Data Processing Center using VirusBuster AV software.
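The cross-check the message does by hand with `lsof -i |grep -i 600`, written as a script; this is an added example, not part of the original message and not chkrootkit's own code. The function names, the `NO_OWNER_VISIBLE` label, the space-separated multi-port format and the header and `sshd` sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example: map ports named in a chkrootkit `bindshell' line to lsof owners.

# Print the flagged ports, space-separated. Assumes several ports, if present,
# are separated by spaces inside "(PORTS: ...)".
flagged_ports() {
    printf '%s\n' "$1" |
        sed -n 's/.*INFECTED (PORTS:\([0-9 ]*\)).*/\1/p' |
        awk '{ $1 = $1; print }'
}

# port_owners "PORTS" "LSOF_TEXT": print "port proto command pid user" for each
# flagged port that lsof attributes to a process, or a NO_OWNER_VISIBLE row.
# Feed it `lsof -i -n -P` so ports are numeric rather than service names.
port_owners() {
    printf '%s\n' "$2" | awk -v ports="$1" '
        BEGIN { n = split(ports, want, " ") }
        NF < 5 { next }                         # blank or malformed row
        {
            last = NF
            if ($NF ~ /^\(/) last = NF - 1      # skip "(LISTEN)" on TCP rows
            name = $last; proto = $(last - 1)
            sub(/->.*/, "", name)               # local end of a connected socket
            k = split(name, parts, ":"); port = parts[k]
            for (i = 1; i <= n; i++)
                if (port == want[i]) { seen[port] = 1; print port, proto, $1, $2, $3 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i], "-", "NO_OWNER_VISIBLE", "-", "-"
        }'
}

# The chkrootkit line and the rpc.statd row are from the message above; the
# header and sshd rows are constructed for the example.
SAMPLE_CHK="\`bindshell'... INFECTED (PORTS: 600)"
sample_lsof() { cat <<'EOF'
COMMAND    PID USER    FD TYPE DEVICE NODE NAME
rpc.statd 2544 rpcuser 5u IPv4   2384 UDP  *:600
sshd      1801 root    3u IPv4   2101 TCP  *:22 (LISTEN)
EOF
}

port_owners "$(flagged_ports "$SAMPLE_CHK")" "$(sample_lsof)"
```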

