Trend Micro Questions
Stephane Lentz
Stephane.Lentz at ANSF.ALCATEL.FR
Wed Aug 20 15:40:10 IST 2003
On Wed, Aug 20, 2003 at 03:19:06PM +0100, Spicer, Kevin wrote:
> ...
> chkrootkit checks for the following files...
> /tmp/.bugtraq
> /tmp/.bugtraq.c
> /tmp/.unlock
> /tmp/httpd
> /tmp/update
> /tmp/.cinik
> /tmp/.b
>
> And the following open ports
> 2002
> 4156
> 1978
> 1812
> 2015
>
> If any of those are found it reports a possible infection
>
I guess you've installed the Trend Interscan Web interface.
It runs on port 1812
# grep 1812 /etc/services
radius 1812/tcp # Radius
radius 1812/udp # Radius
# lsof -i | grep radius
IScanWeb 1590 root 16u IPv4 4631 TCP *:radius (LISTEN)
IScanWeb 1592 root 16u IPv4 4631 TCP *:radius (LISTEN)
IScanWeb 1593 root 16u IPv4 4631 TCP *:radius (LISTEN)
IScanWeb 1596 root 16u IPv4 4631 TCP *:radius (LISTEN)
IScanWeb 1597 root 16u IPv4 4631 TCP *:radius (LISTEN)
IScanWeb 1598 root 16u IPv4 4631 TCP *:radius (LISTEN)
Disbale it (the web interface is not usefull for the CLI vscan scanner)
/etc/init.d/iscanhttpds stop
--
---
Stephane Lentz
Alcanet International, Internet Services
More information about the MailScanner
mailing list