Re: machine compromise??? port 3086 open on 2.2
Daniel Freedman <freedman@ccmr.cornell.edu> writes:
> I was just running nmap on my Debian 2.2 box and noticed the following
> output:
[strange services running?]
> The sj3 service on port 3086 flicked into existence on this one scan but
> was never in existence before or after. I didn't even know what it was! A
> Google search showed it to be Kanji Character output service, or something
> similar. I never explicitly installed or configured this, and have a
> relatively plain-vanilla machine. Is this cause for concern? Does it
> suggest my machine was compromised? What should I investigate further?
I've also seen this with Potato's nmap. If I run nmap in a loop and
grep my real running services out, it shows me the funniest services
running on my system. Try something like this:

    for i in $(seq 100); do nmap <myhost> | grep "^[0-9]"; done

You can pipe the output through some 'grep -v PATTERN' to filter the
PATTERNs (real running services) out.
I guess it is a bug in this version, because I couldn't reproduce it
with the newest version.
moritz
--
/* Moritz Schulte <moritz@hp9001.fh-bielefeld.de>
* http://hp9001.fh-bielefeld.de/~moritz/
* PGP-Key available, encrypted Mail is welcome.
*/
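
Added example (not part of the original message): the loop from the reply, extended to count how often each open port appears across repeated scans, so that one-off entries such as the sj3 line stand out from services seen every time. It assumes the current nmap `PORT/proto STATE SERVICE` line format; the `### scan` marker, the function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example: tally open ports across repeated nmap scans.
# Assumes nmap's "22/tcp open ssh" line format; "### scan" is a marker
# this script inserts itself to count scans.

# scan_loop HOST N: run N scans of HOST, each preceded by the marker.
scan_loop() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "### scan"
        nmap "$1"
        i=$((i + 1))
    done
}

# classify_ports: read marked scan output on stdin and print
# "<port/proto> <service> <hits>/<scans> <stable|transient>".
classify_ports() {
    awk '
        /^### scan/ { scans++; next }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { hits[$1]++; svc[$1] = $3 }
        END {
            for (p in hits)
                printf "%s %s %d/%d %s\n", p, svc[p], hits[p], scans,
                    (hits[p] == scans ? "stable" : "transient")
        }' | sort -n
}

# Constructed sample: three scans, sj3 appears in only the second one.
sample_scans() {
    cat <<'EOF'
### scan
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
### scan
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
3086/tcp open  sj3
### scan
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
EOF
}

# Offline demo; for a live run: scan_loop localhost 100 | classify_ports
sample_scans | classify_ports
```

Any port reported as transient is worth comparing against the host's own listener list (for example `ss -ltnp`) before concluding anything about it.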