Event ID - 511

Port No: 511
Service Name: T0rn Rootkit
RFC Doc: 0
Protocol: TCP
Description: These files are part of the Linux Rootkit, a collection of Trojaned programs for Linux. This rootkit contains Trojan files that replace Linux programs such as ls, netstat, find, etc. Hackers use these to cover their tracks, create backdoor entry points, tamper with system logs, etc.
Reference Link: ROOTKIT40
Attack Solution:


Replace the following files with backups. Make sure that the backups are safe and were not trojanized:
bindshell
chfn
chsh
crontab
du
find
fix
ifconfig
inetd
killall
linsniffer
login
ls
netstat
passwd
pidof
ps
rshd
sniffchk
syslogd
tcpd
top
wted
z2
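
One way to see which of the listed files actually differ from the backup before replacing anything (an added example, not part of the original entry). It assumes the suspect disk and the backup are both mounted as directory trees in a trusted environment, because the host's own ls and find are among the replaced programs; the function names and status labels are illustrative.

```python
import hashlib
import os
import tempfile

# File names copied from the list on this page.
LISTED = ("bindshell chfn chsh crontab du find fix ifconfig inetd killall "
          "linsniffer login ls netstat passwd pidof ps rshd sniffchk syslogd "
          "tcpd top wted z2").split()

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def index_tree(root, names):
    """Return {relative path: full path} for every listed file name under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in names:
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = full
    return found

def compare(host_root, backup_root, names=LISTED):
    """Classify each listed file by comparing the host copy with the backup copy."""
    names = set(names)
    host, backup = index_tree(host_root, names), index_tree(backup_root, names)
    report = {}
    for rel in sorted(set(host) | set(backup)):
        if rel not in backup:
            report[rel] = "no-backup"        # nothing to restore from: investigate
        elif rel not in host:
            report[rel] = "missing-on-host"
        elif sha256_file(host[rel]) == sha256_file(backup[rel]):
            report[rel] = "match"
        else:
            report[rel] = "differs"          # candidate for replacement
    return report

if __name__ == "__main__":
    # Constructed demo trees; real use would pass the two mount points instead.
    with tempfile.TemporaryDirectory() as host, tempfile.TemporaryDirectory() as bak:
        for root, ls_body in ((host, b"modified"), (bak, b"original")):
            os.makedirs(os.path.join(root, "bin"))
            with open(os.path.join(root, "bin", "ls"), "wb") as fh:
                fh.write(ls_body)
        for rel, state in compare(host, bak).items():
            print(f"{state:16} {rel}")
```

A "match" only shows that the host copy equals the backup copy; a backup taken after the compromise would also match, so the backup's own integrity still has to be established separately.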
