
[ossec-list] about the rootkit detector



Hello guys.

This weekend I've received 2 alerts from a busy server about hidden
ports, both high ports.

On that server I have Oracle XE, but it shows the ports in netstat.

We have checked absolutely everything and it doesn't look bad, so I must
assume that those were false positives...

Daniel, can you shed some light on this mystery?

Can you explain how the rootkit detector works? I mean, the internals.
I will give the source code a try, but human words can help :)

Thanks!
Cheers!



-- 
Nicolas Arias
Security  Officer
+54 11 4109 1885 
+54 9 11 5455 0055
nicolas.arias@xxxxxxxxxxx 






OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.