
Re: Hacked - is it my turn? - interesting



hi ya noah

On Mon, 2 Feb 2004, Noah Meyerhans wrote:

> On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
> > > > 'nmap' to those ports gives me:
> > > > 
> > > >>PORT      STATE    SERVICE
> > > >>1524/tcp  filtered ingreslock
> > > >>31337/tcp filtered Elite
> > 
> > turn off those ports ... kill ingress and whatever uses elite
> > 
> > and keep poking around with nmap till it doesn't show those
> > ports listed
> 
> Those ports are not showing up as open.  'Filtered' does not mean open.

yuppers... good point ... and i prefer it to not show up at all ... 

> If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
> this exact behavior, with nothing listening on these ports.

and am wondering, why explicitly reject those ports and not
explicitly reject other ports that are also not used ...

have fun
alvin

hopefully.. nobody has an iptables config of 64k lines of rejects :-)

> I'm curious about what the output of 'iptables -L' looks like on this
> machine.  I'm also curious about any routers or other network devices
> that might exist between the source and target of this scan.  They are
> also capable of creating this behavior.
> 
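Added example, not part of the original message or thread: a small Python check that reads `iptables -S` output and predicts whether nmap would label a TCP port "filtered" because of a rule or the chain policy, with nothing listening. The rule set in `SAMPLE_RULES` is constructed, and the helper names `_opt` and `nmap_state_for` are hypothetical.

```python
import shlex

# Constructed sample of `iptables -S` output (not from the machine in the thread).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 1524 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 31337 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
"""


def _opt(tokens, flag):
    """Return the value following `flag`, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def nmap_state_for(rules_text, port, chain="INPUT"):
    """Predict the nmap state of a TCP port from the rule set alone.

    Simplification (assumption): only rules of the form `-p tcp --dport <port>`
    are considered; source, interface and state matches are ignored.
    Returns (state, rule_or_policy_line_that_decided_it).
    """
    policy_line = f"-P {chain} ACCEPT"  # built-in default when no -P line is listed
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] == ["-P", chain]:
            policy_line = line
            continue
        if tokens[:2] != ["-A", chain] or _opt(tokens, "-p") != "tcp":
            continue
        if _opt(tokens, "--dport") != str(port):
            continue
        target = _opt(tokens, "-j")
        if target == "DROP":
            return "filtered", line  # the probe gets no reply at all
        if target == "REJECT":
            # A bare REJECT answers with ICMP port-unreachable, which nmap
            # reports as filtered; only a TCP reset makes the port look closed.
            how = _opt(tokens, "--reject-with") or "icmp-port-unreachable"
            return ("closed" if how == "tcp-reset" else "filtered"), line
        if target == "ACCEPT":
            return "open-or-closed", line  # the probe reaches the TCP stack
    if policy_line.split()[-1] == "DROP":
        return "filtered", policy_line
    return "open-or-closed", policy_line  # depends on whether anything listens
```
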


