Re: Uh-oh. Cracked allready. I think...
Kjetil Kjernsmo <firstname.lastname@example.org> writes:
> >The fact they don't show up when you do a local scan confirms this.
> >These services aren't running on your machine.
> So, what you're saying is that all this alarm is for no good reason...?
> There has been no l337 h4X0rz trying to get into my box....? Well, that
> would be really be good news! Of course, it will not make me stop reading
> about how to secure the box.
There is still an outside chance you have either
a) a tcp listener on only the external interface that's only started in
response to an ICMP ping of specific content/length
b) some very dodgy (probably LKM-based) trojan that's either deflecting
nmap and/or netstat calls and/or
however, the chances of this are slimmer than I am paranoid.
I'd say you should be grateful to have got away lightly - kill listeners
you're not using, firewall it with iptables and sort out your nIDS - the
chances are you'll soon find out if you're haemoraghing evil scans or
 I have a simple enough starter script floating around at
<http://spodzone.org.uk/packages/secure/iptables.sh> if it helps at all -
no doubt others have their own approaches, but at least mine has no gui
requirements other than $EDITOR ;)
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org