
Re: machine compromise??? port 3086 open on 2.2



Daniel Freedman <freedman@ccmr.cornell.edu> writes:

> I was just running nmap on my Debian 2.2 box and noticed the following
> output:

[strange services running?]

> The sj3 service on port 3086 flicked into existence on this one scan but
> was never in existence before or after.  I didn't even know what it was! A
> Google search showed it to be Kanji Character output service, or something
> similar.  I never explicitly installed or configured this, and have a
> relatively plain-vanilla machine.  Is this cause for concern?  Does it
> suggest my machine was compromised?  What should I investigate further?

I've also seen this with Potato's nmap. If I run nmap in a loop and
grep my real running services out, it showed me the funniest services
running on my system. Try something like this:

        for i in $(seq 100); do nmap <myhost> | grep "^[0-9]"; done

You can pipe the output through some 'grep -v PATTERN' to filter the
PATTERNs (real running services) out.

I guess it is a bug in this version, because I couldn't reproduce it
with the newest version.

	moritz
-- 
/* Moritz Schulte <moritz@hp9001.fh-bielefeld.de>
 * http://hp9001.fh-bielefeld.de/~moritz/
 * PGP-Key available, encrypted Mail is welcome.
 */
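
The loop suggested in the message above prints one port line per scan; as an added example (not part of the original post), the script below tallies such output and lists only ports that were not reported in every run. The function names and the three-scan sample data are constructed for illustration, and a plain scan without version detection is assumed.

```shell
#!/bin/sh
# Summarise repeated nmap runs of one host and flag ports that did not
# show up in every run (candidates for scanner artefacts or short-lived
# listeners). Works on lines like "22/tcp open ssh".

# count_ports: read scan output on stdin, keep the port lines (those
# starting with a digit) and print "<times seen> <port> <service>".
count_ports() {
    grep '^[0-9]' | awk '
        $2 == "open" { seen[$1]++; svc[$1] = $NF }
        END { for (p in seen) print seen[p], p, svc[p] }
    ' | sort -k2,2n
}

# transient_ports RUNS: print only ports seen in fewer than RUNS scans.
transient_ports() {
    runs=$1
    count_ports | awk -v runs="$runs" \
        '$1 < runs { print $2, $3, "seen " $1 "/" runs }'
}

# Constructed sample: concatenated port lines from three scans, where
# port 3086 is reported in the second scan only.
sample_scans() {
    cat <<'EOF'
22/tcp   open  ssh
25/tcp   open  smtp
22/tcp   open  ssh
25/tcp   open  smtp
3086/tcp open  sj3
22/tcp   open  ssh
25/tcp   open  smtp
EOF
}

sample_scans | transient_ports 3
```

A port flagged here can be cross-checked on the scanned host itself with `netstat -ltn`, which lists the TCP sockets that are actually listening.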


