After running 'chkrootkit' on one of my Ubuntu server at work, I got a responds:
Checking `bindshell'... INFECTED (PORTS: 4000)
A message which started a 'mild' shiver across my back, because the rootkit checker just reported that one of the processes on the server could be compromised.
First I took the server of the network. Just to make sure. After that I searched the Internet for a possible explaination. Nothing substancionally. until I found the following command to see what is occupying the port.
sudo netstat -e -p -n -a | grep 4000
This gave me the following result:
udp6 0 0 :::4000 :::*
65534 13886 4739/coldfusion8
So it seems that Adobe Coldfusion is using this port. But this can't be found in any of the official Adobe Coldfusion documentation. There are some (blog)posts related to this, but nothing more.