Threaded Mode | Linear Mode

**BioALIEN** · 01-04-2008 03:35 PM

I installed ispcp latest build 4 days ago and was checking my rootkit log and I found this. Can anybody give me clues on whether this is a major risk?

I followed only the standard install, so it's strange how I was infected so quickly?

Quote:[00:03:08] WARNING, found: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)
---
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

Anybody can give their opinion on this?

**BeNe** · 01-04-2008 04:39 PM

We discuss this in the German Corner.
This is no Problem or Warning. SMTPS for Postfix is running on this Port 465 and it is OK. No one has a Problem with it - just RootKit Log.

Greez BeNe

**BioALIEN** · 01-04-2008 05:20 PM

Hmm so its a false alarm? That's a major relief to know. Thanks for the response BeNe!

**BeNe** · 01-04-2008 06:16 PM

Yeah if you want so it is a false alarm!
If you do not use SMTPS - disable it in Postfix and this wrong Warning/Error is gone. That´s all. Wink

Greez BeNe

raphael · 01-05-2008 04:02 AM

why isn't it 587? that's odd

**BeNe** · 01-05-2008 04:47 AM

Port 587 is not secure / normal SMTP and 465 is SMTPS or not ?

Greez BeNe

**joximu** · 01-05-2008 06:48 AM

SMTPS is 465, the so called "submit service" is on Port 587 and this is more and more used by providers to provide a "smtp with auth" for customers.
(Yeah, I know: smtp with auth is also possible on port 25 - I think the advantage could be: Port 587 is *only* for the own customers -> always and only with smtp auth, and port 25 (and 465???) is *only* for other mail servers -> no smtp auth but with all sort of spam/virus checks... (blacklists).

/Joximu

raphael · 01-07-2008 03:50 AM

usually SMTP+TLS is on 587, not 465; port 25 is SMTP. AUTH is usually allowed at both ports, no discrimination neither on one nor the other

**joximu** · 01-07-2008 04:28 AM

Ok thanks Raphael.
So, Port 465 is *only* used if you want to use SMTP with *SSL* (SMTPS)
And this is not (yet) very common (well, I use it on one server :-)

/J

fulltilt · 02-04-2008 11:04 PM

i found this also today on a strato server:

Code:

Checking `sniffer'... lo: not promisc and no packet sniffer sockets

eth0: PACKET SNIFFER(/sbin/dhcpcd-bin[1709])

Threaded Mode \| Linear Mode Rootkit Log
Author	Message