reporting high ports as rootkit
Bug #861195 reported by
Ralf Hildebrandt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rkhunter (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
From a daily mail:
Warning: Network TCP port 47018 is being used by /usr/sbin/squid. Possible rootkit: Possible Universal
Rootkit (URK) component
Use the 'lsof -i' or 'netstat -an' command to check this.
in this case squid has a high port open, which is quite commonplace for a proxy.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: rkhunter 1.3.6-5
ProcVersionSign
Uname: Linux 2.6.38-
Architecture: i386
Date: Wed Sep 28 09:28:35 2011
PackageArchitec
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: rkhunter
UpgradeStatus: Upgraded to natty on 2011-04-28 (152 days ago)
To post a comment you must log in.