Trend Micro Questions

Stephane Lentz Stephane.Lentz at ANSF.ALCATEL.FR
Wed Aug 20 15:40:10 IST 2003


On Wed, Aug 20, 2003 at 03:19:06PM +0100, Spicer, Kevin wrote:
> ...
> chkrootkit checks for the following files...
> /tmp/.bugtraq
> /tmp/.bugtraq.c
> /tmp/.unlock
> /tmp/httpd
> /tmp/update
> /tmp/.cinik
> /tmp/.b
>
> And the following open ports
> 2002
> 4156
> 1978
> 1812
> 2015
>
> If any of those are found it reports a possible infection
>
I guess you've installed the Trend Interscan Web interface.
It runs on port 1812


# grep 1812 /etc/services
radius          1812/tcp                        # Radius
radius          1812/udp                        # Radius
# lsof  -i | grep radius
IScanWeb   1590    root   16u  IPv4     4631       TCP *:radius (LISTEN)
IScanWeb   1592    root   16u  IPv4     4631       TCP *:radius (LISTEN)
IScanWeb   1593    root   16u  IPv4     4631       TCP *:radius (LISTEN)
IScanWeb   1596    root   16u  IPv4     4631       TCP *:radius (LISTEN)
IScanWeb   1597    root   16u  IPv4     4631       TCP *:radius (LISTEN)
IScanWeb   1598    root   16u  IPv4     4631       TCP *:radius (LISTEN)

Disable it (the web interface is not useful for the CLI vscan scanner)

/etc/init.d/iscanhttpds  stop

--
---
Stephane Lentz
Alcanet International, Internet Services
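
The check described in this message, generalized to every port in the quoted chkrootkit list, as an added example that is not part of the original post. It assumes `lsof -i -P -n` output (numeric ports, unlike the `*:radius` shown above); the names `flagged_listeners` and `sample_lsof` are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Ports quoted in the message above as the ones chkrootkit reports on.
FLAGGED_PORTS="2002 4156 1978 1812 2015"

# Read `lsof -i -P -n` style output on stdin and print one line per flagged
# port that has a TCP listener, in the form: <port> <command> <pid,pid,...>
# Knowing the owning command is what separates a legitimate service (here the
# InterScan web interface) from something that needs investigating.
flagged_listeners() {
    awk -v ports="$FLAGGED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $NF == "(LISTEN)" {
            port = $(NF - 1)              # e.g. *:1812 or 127.0.0.1:1812
            sub(/^.*:/, "", port)         # keep only the text after the last colon
            if (!(port in want)) next     # not a port chkrootkit flags
            key = port " " $1             # group by port and command name
            if (!(key in pids)) { order[++cnt] = key; pids[key] = $2 }
            else pids[key] = pids[key] "," $2
        }
        END { for (i = 1; i <= cnt; i++) print order[i], pids[order[i]] }
    '
}

# Constructed sample input (not captured from a real host), so the function
# can be exercised without lsof installed.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
IScanWeb  1590 root   16u  IPv4   4631      0t0  TCP *:1812 (LISTEN)
IScanWeb  1592 root   16u  IPv4   4631      0t0  TCP *:1812 (LISTEN)
sshd       812 root    3u  IPv4   2210      0t0  TCP *:22 (LISTEN)
sendmail   950 root    4u  IPv4   2391      0t0  TCP 127.0.0.1:25 (LISTEN)
EOF
}

# On a live host, as root:   lsof -i -P -n | flagged_listeners
# With the sample above:     sample_lsof | flagged_listeners
```

An empty result means nothing is listening on the flagged ports; any line whose command is not a service you installed is the one to follow up on.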



More information about the MailScanner mailing list