toffee_natividad
asked on
/etc/cron.daily/chkrootkit: The following suspicious files and directories were found: /lib/init/rw/.ramfs INFECTED (PORTS: 6667)
Hi I receive a mail from cron :
/etc/cron.daily/chkrootkit :
The following suspicious files and directories were found:
/lib/init/rw/.ramfs
INFECTED (PORTS: 6667)
I do not know what does this mean. Can someone please help me?
/etc/cron.daily/chkrootkit
The following suspicious files and directories were found:
/lib/init/rw/.ramfs
INFECTED (PORTS: 6667)
I do not know what does this mean. Can someone please help me?
ASKER
I could not see the port 6667
You dont see a port doing "ps axuf"
You can see a application that runs without your permission...
Telnet <yourip> 6667
Does it open? If yes, means that something listens to that port...
You can see a application that runs without your permission...
Telnet <yourip> 6667
Does it open? If yes, means that something listens to that port...
ASKER
how do I do the telnet? I am sorry, should I do it on the windows XP machine command prompt or on that server where it gave me the error?, what command should I run?
ASKER
Should I run netstat -ln ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Port 6667 is usually used by an IRC server
Check what services run to your linux (ps axuf)