chkrootkit
>>snip<<
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 1008)
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'...
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... nothing deleted

netstat -apn|grep 1008
udp 0 0 0.0.0.0:1008 0.0.0.0:* 11870/rpc.rquotad

service nfs stop
service nfs start
netstat -apn|grep rpc
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 1121/rpc.statd
tcp 0 0 0.0.0.0:32909 0.0.0.0:* LISTEN 11901/rpc.mountd
tcp 0 0 0.0.0.0:602 0.0.0.0:* LISTEN 11870/rpc.rquotad
udp 0 0 0.0.0.0:32769 0.0.0.0:* 1121/rpc.statd
udp 0 0 0.0.0.0:32839 0.0.0.0:* 11901/rpc.mountd
udp 0 0 0.0.0.0:1023 0.0.0.0:* 11870/rpc.rquotad
unix 2 [ ] DGRAM 3415 1121/rpc.statd

Now it does not bind to port 1008 but to 1023.

Again:

service nfs stop
service nfs start
netstat -apn|grep rpc
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 1121/rpc.statd
tcp 0 0 0.0.0.0:32910 0.0.0.0:* LISTEN 12940/rpc.mountd
tcp 0 0 0.0.0.0:793 0.0.0.0:* LISTEN 12909/rpc.rquotad
udp 0 0 0.0.0.0:32769 0.0.0.0:* 1121/rpc.statd
udp 0 0 0.0.0.0:790 0.0.0.0:* 12909/rpc.rquotad
udp 0 0 0.0.0.0:32840 0.0.0.0:* 12940/rpc.mountd
unix 2 [ ] DGRAM 3415 1121/rpc.statd

chkrootkit
<snip>
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'...
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... nothing deleted

Is this a problem with chkrootkit or with nfs?
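Added example (not part of the original post and not chkrootkit's own code): in the session above the bindshell hit follows whichever port rpc.rquotad happens to hold, so this shell sketch automates the same manual check by taking the ports from the bindshell line and looking up their owner in netstat -apn output. The sample input is assembled from lines in that session, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input, assembled from lines in the session above.
CHKROOTKIT_OUT="Checking \`bindshell'... INFECTED (PORTS: 1008)"
NETSTAT_OUT='tcp 0 0 0.0.0.0:602 0.0.0.0:* LISTEN 11870/rpc.rquotad
udp 0 0 0.0.0.0:1008 0.0.0.0:* 11870/rpc.rquotad
udp 0 0 0.0.0.0:32769 0.0.0.0:* 1121/rpc.statd'

# Print each port named on chkrootkit's bindshell line, one per line.
flagged_ports() {
    sed -n 's/.*bindshell.*INFECTED (PORTS:\([^)]*\)).*/\1/p' |
        tr -s ' ' '\n' | awk '/^[0-9]+$/'
}

# Read `netstat -apn` text on stdin; print "proto pid/program" for every
# tcp/udp socket whose local port equals $1 (works for IPv4 and IPv6 rows).
port_owners() {
    awk -v port="$1" '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, ":")
        if (a[n] == port) print $1, $NF
    }'
}

# $1 = chkrootkit output, $2 = netstat -apn output.
# For each flagged port, name the owner and the check that confirms it.
triage() {
    printf '%s\n' "$1" | flagged_ports | while read -r port; do
        owners=$(printf '%s\n' "$2" | port_owners "$port")
        if [ -z "$owners" ]; then
            echo "$port: no tcp/udp socket on this port in the netstat output"
            continue
        fi
        printf '%s\n' "$owners" | while read -r proto owner; do
            pid=${owner%%/*}
            case "${owner#*/}" in
                rpc.*) echo "$port/$proto $owner: RPC daemon name; confirm with rpcinfo -p and ls -l /proc/$pid/exe" ;;
                *)     echo "$port/$proto $owner: not an RPC daemon name; investigate the process" ;;
            esac
        done
    done
}

triage "$CHKROOTKIT_OUT" "$NETSTAT_OUT"
```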
