Re: machine compromise??? port 3086 open on 2.2

To: debian-user@lists.debian.org
Subject: Re: machine compromise??? port 3086 open on 2.2
From: Damien <bitwise@repose.cx>
Date: Tue, 7 Nov 2000 20:32:11 +1100
Message-id: <[🔎] 20001107203211.C7322@respite>
Mail-followup-to: debian-user@lists.debian.org
Reply-to: Damien <bitwise@repose.cx>
In-reply-to: <[🔎] Pine.LNX.4.10.10011070237430.27250-100000@gun.lassp.cornell.edu>; from freedman@ccmr.cornell.edu on Tue, Nov 07, 2000 at 02:43:24AM -0500
References: <[🔎] Pine.LNX.4.10.10011070237430.27250-100000@gun.lassp.cornell.edu>

> [root@herc /home/freedman]# nmap -sT osprey
> 
> Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
> Interesting ports on osprey (192.168.0.1):
> Port    State       Protocol  Service
> 22      open        tcp        ssh             
> 25      open        tcp        smtp            
> 53      open        tcp        domain          
> 3086    open        tcp        sj3             

ports > 1024 are automatically allocated by a program for any tcp connection.
since 3086 wasn't in use, some program bound to it. it doesn't mean it was
actually using the sj3 protocol. this could have been a domain lookup. telnet.
even you viewing a webpage.

cheers

-- 
Damien <bitwise@repose.cx>                                  'together alone'

Attachment: pgplp39w9L1xB.pgp
Description: PGP signature

Reply to:

References:
- machine compromise??? port 3086 open on 2.2
  - From: Daniel Freedman <freedman@ccmr.cornell.edu>

Prev by Date: Re: Vim's background colour
Next by Date: Re: Screenblanking of console
Previous by thread: machine compromise??? port 3086 open on 2.2
Next by thread: Re: machine compromise??? port 3086 open on 2.2
Index(es):
- Date
- Thread