is there something hacked in my network?
A few days ago I scanned the only win2k-machine in my littles homenetwork
(consist of my debian-machine, the server, and a w2k-machine) with
nmap -sT 126.96.36.199.
This was the result I got:
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.253):
(The 1527 ports scanned but not shown below are in state: closed)
Port State Service
110/tcp open pop-3
135/tcp open loc-srv
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
2049/tcp filtered nfs
6000/tcp filtered X11
6001/tcp filtered X11:1
6002/tcp filtered X11:2
6003/tcp filtered X11:3
6004/tcp filtered X11:4
6005/tcp filtered X11:5
6006/tcp filtered X11:6
6007/tcp filtered X11:7
6008/tcp filtered X11:8
6009/tcp filtered X11:9
6050/tcp filtered arcserve
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master
We couldn't find wat it was, but because we had planned to reinstall the
windows-machine for al longer time we did that this weekend.
After installing windows we start to try to install debian also on the
When we did that (from floppy's) the installation hangs when it tries to
make a connection to the internet through my debian-machine.
The strange thing now is that after a clean install of win2k and the half
installation of debian a scan with nmap to the machine shows exactly the
same as before.
I don't know yet what it could be?
Is it possible that the install-floppy we have used to install linux on the
windows machine were infected?
Could it be that there was something wrong on the windows-machine that a
normal format of all the disks didn't removed?
Or is there something wrong in the debian server?
Maybe someone can give us some advise?