Port No | 511 |
Service Name | T0rn Rootkit |
RFC Doc | 0 |
Protocol | TCP |
Description | These files are part of the Linux Rootkit, a collection of Trojaned programs for Linux. This rootkit contains Trojan files that replaces Linux programs such as, ls, netstat, find, etc. Hackers use these to cover their tracks, create backdoor entry points, tamper system logs, etc. |
Reference Link | ROOTKIT40 |
Attack | Solution Replace the following files with backups. Make sure that the backups are safe and were not trojanized: bindshell chfn chsh crontab du find fix ifconfig inetd killall linsniffer login ls netstat passwd pidof ps rshd sniffchk syslogd tcpd top wted z2 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.