Gentoo Forums
[security] infected???????
Tiro
l33t


Joined: 14 Feb 2003
Posts: 752
Location: italy

Posted: Thu Mar 31, 2005 9:20 pm    Post subject: [security] infected???????

Whoa... download after download... :o

With mldonkey running:

Code:
 # chkrootkit -q -r /

/usr/lib/.keep /usr/lib/locale/ru_RU/LC_MESSAGES/.keep /usr/lib/perl5/site_perl/5.8.6/i586-linux-thread-multi/auto/Image/Magick/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Locale/gettext/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Digest/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Digest/MD5/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Digest/MD4/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/MIME/Base64/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/URI/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Net/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Net/SSLeay/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/HTML/Tagset/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/HTML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Crypt/SmbHash/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/XML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/Convert/ASN1/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/IO/Socket/SSL/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi/auto/perl-ldap/.packlist /usr/lib/perl5/vendor_perl/5.8.6/i586-linux-thread-multi/auto/libwww-perl/.packlist /usr/lib/perl5/vendor_perl/5.8.6/i586-linux-thread-multi/auto/Foomatic/.packlist /usr/lib/perl5/5.8.6/i586-linux-thread-multi/.packlist /usr/lib/nfs/sm/.keep /usr/lib/nfs/sm.bak/.keep /usr/lib/apache-extramodules/.keep /usr/lib/nsbrowser/plugins/.keep /usr/lib/dbus-1.0/services/.keep /usr/lib/php/.registry /usr/lib/php/.lock /usr/lib/php/.filemap /usr/lib/motif/.keep /lib/udev-state/.keep /lib/.keep /lib/dev-state/.keep
/usr/lib/php/.registry
INFECTED (PORTS:  4000)
/proc/15212/fd: No such file or directory
eth0: PF_PACKET(/sbin/dhcpcd)


whereas with amule running it reports:

Code:
INFECTED (PORTS:  5662)


(which is indeed the port I configured for it)

Setting amule's port back to the default 4662, chkrootkit detects nothing... is it a bug or should I be worried??

:cry:
dboogieman
Apprentice


Joined: 02 Oct 2004
Posts: 197

Posted: Tue Apr 12, 2005 4:40 pm    Post subject:

Hi, sorry, I don't want to be simplistic or hasty in my conclusions, but it's likely that, since file-sharing programs stay listening on certain sockets to let you download and to let remote users upload from you, chkrootkit may be seeing the file-sharing programs as backdoors; indeed, it reports the very ports on which the file-sharing programs "run".

I hope this is useful to you

bye

dboogieman
hellraiser
Guru


Joined: 14 Jun 2003
Posts: 431
Location: Pescara [Italy]

Posted: Tue Apr 12, 2005 4:56 pm    Post subject:

Yes, yes, I think so too... it sees those ports as ports opened by some backdoor! There's nothing to worry about.
_________________
I am nobody... but nobody is like me!

"Open Source is a good idea..."
Tiro
l33t


Joined: 14 Feb 2003
Posts: 752
Location: italy

Posted: Tue Apr 12, 2005 5:02 pm    Post subject:

OK, thanks! I had guessed as much! ;)
...but it's not nice to see yourself marked INFECTED!!!
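One way to check the explanation given in the replies, as an added example that is not part of the original thread: the script below takes the ports from chkrootkit's `INFECTED (PORTS: ...)` line and looks up, via `/proc`, which process owns each listening socket. The function names and the `PROC_ROOT` override are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: map chkrootkit "INFECTED (PORTS: N)" hits to the owning process.
# PROC_ROOT is overridable (an assumption of this sketch) for offline testing.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read chkrootkit output on stdin, print one flagged port per line.
flagged_ports() {
    sed -n 's/.*INFECTED (PORTS:\([ 0-9]*\)).*/\1/p' | tr -s ' ' '\n' | grep -E '^[0-9]+$'
}

# Print the socket inode of the TCP listener on port $1, read from a
# /proc/net/tcp-format table ($2). State 0A is LISTEN; ports are hex.
# IPv6 listeners live in /proc/net/tcp6, which has the same column layout.
listen_inode() {
    awk -v p="$(printf '%04X' "$1")" '
        NR > 1 && $4 == "0A" { n = split($2, a, ":"); if (toupper(a[n]) == p) print $10 }
    ' "${2:-$PROC_ROOT/net/tcp}"
}

# Print "PID COMM" for each process holding an fd on socket inode $1.
# Needs root to see descriptors of other users' processes.
inode_owner() {
    local fd pid
    for fd in "$PROC_ROOT"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$PROC_ROOT"/}; pid=${pid%%/*}
        echo "$pid $(cat "$PROC_ROOT/$pid/comm" 2>/dev/null)"
    done | sort -u
}

# triage CHKROOTKIT_OUTPUT_FILE [TCP_TABLE]: one line per flagged port.
triage() {
    local port inode owner
    for port in $(flagged_ports < "$1"); do
        inode=$(listen_inode "$port" "$2" | head -n 1)
        if [ -z "$inode" ]; then
            echo "$port no-listener"              # nothing listening any more
        else
            owner=$(inode_owner "$inode")
            echo "$port ${owner:-unknown-owner}"  # unknown-owner deserves a closer look
        fi
    done
}

# Usage: chkrootkit -q -r / > out.txt; sh triage.sh out.txt
if [ "$#" -gt 0 ]; then triage "$@"; fi
```

If the owner printed for a flagged port is the file-sharing client you started, the hit matches the explanation in the replies; a listener with no visible owning process is the case to investigate further.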