Great Josh!, good link. Thanks! Cheers On Mon, 2007-02-19 at 15:38 -0700, Joshua Gimer wrote: > Here is a pretty good description of how it works. > > http://www.mail-archive.com/ossec-list@xxxxxxxxxxxxxxxx/msg01348.html > > Josh > > On 2/19/07, Nicolas Arias <nicolas.arias@xxxxxxxxxxx> wrote: > Hello guys. > > There weekend iv recieved 2 alerts from a busy server about > hidden > ports, both high ports. > > In that server i have oracle xe, but it shows the ports in > netstat. > > We had checked absolutly everything and it doesnt look bad, > so, i must > asume that those where false possitives... > > Daniel, can you put some ligth in this mistery? > > Can you explain how the rootkit detector works?, i mean, the > internals, > i will give the source code a try, but human words can > help :) > > Thanks! > Cheers! > > > > -- > Nicolas Arias > Security Officer > +54 11 4109 1885 > +54 9 11 5455 0055 > nicolas.arias@xxxxxxxxxxx > > > > > > > -- > Thx > Joshua Gimer -- Nicolas Arias Security Officer +54 11 4109 1885 +54 9 11 5455 0055 nicolas.arias@xxxxxxxxxxx
Attachment:
signature.asc
Description: This is a digitally signed message part