chkrootkit-0.44 netstat cmd infected ?
laurens.blankers at gmail.com
Sat Nov 6 02:54:54 PST 2004
> I've been recently hacked, and after a chrootkit check i've
> noticed that all version of LFS (latest and earlier) seems to have an
> infected NETSTAT cmd after a chrootkit check.
If I recall correctly, chrootkit is flagging netstat as infected
because it contains debug symbols. This is a bug in chrootkit, but if
you want to be sure, run:
which will remove the debug symbols. And re-run chrootkit, if netstat
still gets flagged it is truelly infected.
More information about the lfs-support