Re: port 6051: hacked?
On Fri, Sep 06, 2002 at 12:16:39PM +0200, Ramin Motakef wrote:
> Hi all,
> Todays nmap run shows me:
>
> Interesting ports on (xxxxxx):
> (The 59984 ports scanned but not shown below are in state: closed)
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open http
> 110/tcp open pop-3
> 111/tcp open sunrpc
> 143/tcp open imap2
> 199/tcp open smux
> 389/tcp open ldap
> 443/tcp open https
> 993/tcp open imaps
> 995/tcp open pop3s
> 3306/tcp open mysql
> 5432/tcp open postgres
> 6051/tcp filtered unknown <--------------
>
> fuser -v 6051/tcp gives no result.
>
> Questions:
> Am i hacked?
Not necissary, but possible.
> Is there any other way i can tell which program is responsible for
> this port?
try lsof -i:6051 or netstat
> What exactly is the meaning of "filtered"?
it means the access is blocked to that port from the host on which you
runned nmap.
I once had a similar experiance, and blocked the port in question. later
nmaps turned out to still report it, but when I commanted out the firewallrule,
the port was gone in my nmap scan.
So basically nmap shows all ports that are filtered (blocked) too; regardless
wether their is a deamon listening on that port or not.
However, I am still wondering why the port showed up in the nmap-output in
the first place. That is *before* I blocked it @ ther firewall. So if anyone
has a good theory about this, please let me know.
Thanks,
Kristof
--
The difficult we do today,
the impossible takes a little longer.
Reply to: