F12 Rkhunter, Have I a rootkit?
Andrew Haley
aph at redhat.com
Tue Jan 5 13:30:11 UTC 2010
On 01/05/2010 11:18 AM, Frank Murphy (Frankly3D) wrote:
> On 05/01/10 11:06, Andrew Haley wrote:
>> On 01/05/2010 10:54 AM, Frank Murphy (Frankly3D) wrote:
>>> ---------------------- Start Rootkit Hunter Scan ----------------------
>>> Warning: Network TCP port 47107 is being used by
>>> /usr/lib64/thunderbird-3.0/thunderbird-bin. Possible rootkit: T0rn
>>> Use the 'lsof -i' or 'netstat -an' command to check this.
>>>
>>>
>>> Results of lsof -i' and 'netstat -an'
>>> http://fpaste.org/xOOO/
>>
>> Port 47107 isn't being used any more. This was just TCP using a random
>> unreserved port.
>
> Basically ignore this in future, with that port?
I'm not going to tell you that. All I'm saying is that simply using
Port 47107 isn't conclusive evidence of a rootkit.
Andrew.
More information about the fedora-list
mailing list