is there something hacked in my network?
hi all,
A few days ago I scanned the only win2k-machine in my littles homenetwork
(consist of my debian-machine, the server, and a w2k-machine) with
nmap -sT 192.0.168.253.
This was the result I got:
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.253):
(The 1527 ports scanned but not shown below are in state: closed)
Port State Service
110/tcp open pop-3
135/tcp open loc-srv
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen
2049/tcp filtered nfs
6000/tcp filtered X11
6001/tcp filtered X11:1
6002/tcp filtered X11:2
6003/tcp filtered X11:3
6004/tcp filtered X11:4
6005/tcp filtered X11:5
6006/tcp filtered X11:6
6007/tcp filtered X11:7
6008/tcp filtered X11:8
6009/tcp filtered X11:9
6050/tcp filtered arcserve
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master
We couldn't find wat it was, but because we had planned to reinstall the
windows-machine for al longer time we did that this weekend.
After installing windows we start to try to install debian also on the
windows-machine.
When we did that (from floppy's) the installation hangs when it tries to
make a connection to the internet through my debian-machine.
The strange thing now is that after a clean install of win2k and the half
installation of debian a scan with nmap to the machine shows exactly the
same as before.
I don't know yet what it could be?
Is it possible that the install-floppy we have used to install linux on the
windows machine were infected?
Could it be that there was something wrong on the windows-machine that a
normal format of all the disks didn't removed?
Or is there something wrong in the debian server?
Maybe someone can give us some advise?
thanks,
Hans
Reply to: