[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: port 6051: hacked?

On Fri, Sep 06, 2002 at 12:16:39PM +0200, Ramin Motakef wrote:
> Hi all,
> Todays nmap run shows me:
> Interesting ports on  (xxxxxx):
> (The 59984 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp                     
> 22/tcp     open        ssh                     
> 25/tcp     open        smtp                    
> 53/tcp     open        domain                  
> 80/tcp     open        http                    
> 110/tcp    open        pop-3                   
> 111/tcp    open        sunrpc                  
> 143/tcp    open        imap2                   
> 199/tcp    open        smux                    
> 389/tcp    open        ldap                    
> 443/tcp    open        https                   
> 993/tcp    open        imaps                   
> 995/tcp    open        pop3s                   
> 3306/tcp   open        mysql                   
> 5432/tcp   open        postgres                
> 6051/tcp   filtered    unknown    <--------------                 
> fuser -v 6051/tcp gives no result. 
> Questions:
> Am i hacked? 

Not necissary, but possible.

> Is there any other way i can tell which program is responsible for
> this port?

try lsof -i:6051 or netstat
> What exactly is the meaning of "filtered"?

it means the access is blocked to that port from the host on which you
runned nmap.

I once had a similar experiance, and blocked the port in question. later
nmaps turned out to still report it, but when I commanted out the firewallrule,
the port was gone in my nmap scan.

So basically nmap shows all ports that are filtered (blocked) too; regardless
wether their is a deamon listening on that port or not.

However, I am still wondering why the port showed up in the nmap-output in 
the first place. That is *before* I blocked it @ ther firewall. So if anyone 
has a good theory about this, please let me know.



The difficult we do today,
the impossible takes a little longer.

Reply to: