Hi all,
While doing my routine patches and scans, "chkrootkit reported the
following:
(*** snip ***)
Checking `asp'... not infected
Checking `bindshell'... warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
warning, got bogus l2cap line.
INFECTED (PORTS: 3133)
Checking `lkm'... chkproc: nothing detected
(*** snip ***)
I ran "rkhunter" immediately after the "chkrootkit" run finished, and it
reported no problems. How do I determine if this is a false alarm or a
real problem? If this is a real problem, what should I do about it?
Also, as I'm neither a security expert nor a sysadmin, what is port 3133
used for?
thanks,
Bill.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
