Re: chkrootkit pblm netstat

To: Darrel <levitch%iglou.com@localhost>
Subject: Re: chkrootkit pblm netstat
From: David Brownlee <abs%netbsd.org@localhost>
Date: Tue, 10 Jul 2012 18:11:59 +0100

On 10 July 2012 18:05, Darrel <levitch%iglou.com@localhost> wrote:
> Hello,
>
> Unless you do not trust the package, will anyone please run chkrootkit on
> NetBSD6-beta and find if it reports netstat as infected?
>
> I have run this computer without a firewall for a couple of days until New
> Packet Firewall was compiled into the kernel and is operational; however,
> all of my computers are running behind a gateway running Packet Filter.

Looks to be false positive - it runs a strings on netstat and looks for

/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h

which in the case of NetBSD's netstat matches on mobile_regreply ('grep')

Follow-Ups:
- Re: chkrootkit pblm netstat
  - From: Darrel
- Re: chkrootkit pblm netstat
  - From: tlaronde

References:
- chkrootkit pblm netstat
  - From: Darrel

Prev by Date: chkrootkit pblm netstat
Next by Date: Re: chkrootkit pblm netstat
Previous by Thread: chkrootkit pblm netstat
Next by Thread: Re: chkrootkit pblm netstat
Indexes:

Home | Main Index | Thread Index | Old Index