Hi all,
While doing my routine patches and scans, "chkrootkit reported the following:
(*** snip ***) Checking `asp'... not infected Checking `bindshell'... warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. INFECTED (PORTS: 3133) Checking `lkm'... chkproc: nothing detected (*** snip ***)
I ran "rkhunter" immediately after the "chkrootkit" run finished, and it reported no problems. How do I determine if this is a false alarm or a real problem? If this is a real problem, what should I do about it? Also, as I'm neither a security expert nor a sysadmin, what is port 3133 used for?
thanks, Bill.