F12 Rkhunter, Have I a rootkit?
Kevin Fenzi
kevin at scrye.com
Tue Jan 5 17:11:22 UTC 2010
On Tue, 05 Jan 2010 10:54:13 +0000
"Frank Murphy (Frankly3D)" <frankly3d at gmail.com> wrote:
> ---------------------- Start Rootkit Hunter Scan
> ---------------------- Warning: Network TCP port 47107 is being used
> by /usr/lib64/thunderbird-3.0/thunderbird-bin. Possible rootkit: T0rn
> Use the 'lsof -i' or 'netstat -an' command to check this.
>
>
> Results of lsof -i' and 'netstat -an'
> http://fpaste.org/xOOO/
This is a false positive.
basically it saw that something was using port 47107, which is used by
a known rootkit. It then printed a warning for you to check it.
Likely thunderbird just happened to be using that tranisitory port when
the check was run.
If you re-run it now does it show ok?
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20100105/9e650c77/attachment-0001.sig>
More information about the fedora-list
mailing list