[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hacked - is it my turn? - interesting



On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
> > > 'nmap' to those ports gives me:
> > > 
> > >>PORT      STATE    SERVICE
> > >>1524/tcp  filtered ingreslock
> > >>31337/tcp filtered Elite
> 
> turn off those ports ... kill ingress and whatever uses elite
> 
> and keep poking around with nmap till it doesn show those
> ports listed

Those ports are not showing up as open.  'Filtered' does not mean open.
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.

I'm curious about what the output of 'iptables -L' looks like on this
machine.  I'm also curious about any routers or other network devices
that might exist between the source and target of this scan.  They are
also capable of creating this behavior.

noah

Attachment: pgpQonNpyXz3X.pgp
Description: PGP signature


Reply to: