
Re: machine compromise??? port 3086 open on 2.2



on Tue, Nov 07, 2000 at 02:43:24AM -0500, Daniel Freedman (freedman@ccmr.cornell.edu) wrote:
> 
> Hi,
> 
> I was just running nmap on my Debian 2.2 box and noticed the following
> output:
> 
> 
> [root@herc /home/freedman]# nmap -sT osprey
> 
> Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
> Interesting ports on osprey (192.168.0.1):
> Port    State       Protocol  Service
> 22      open        tcp        ssh             
> 25      open        tcp        smtp            
> 53      open        tcp        domain          
> 3086    open        tcp        sj3             
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> 
> 
> The sj3 service on port 3086 flicked into existence on this one scan but
> was never in existence before or after.  I didn't even know what it was! A
> Google search showed it to be Kanji Character output service, or something
> similar.  I never explicitly installed or configured this, and have a
> relatively plain-vanilla machine.  Is this cause for concern?  Does it
> suggest my machine was compromised?  What should I investigate further?

nmap reports open ports and takes a guess as to what it is (particularly
ports > 1024) based on its own database of services, which is extended
considerably beyond what's in /etc/services.

If you want to know what's actually running on your system, try netstat,
which has access to process tables, and not merely open ports as nmap
does.

Note that nmap finds *listening* ports, which might make this an
interesting find.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org
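
Added example, not part of the original message: a sketch of how a listening port can be tied to its owning process from the same kernel data netstat reads on Linux, the `/proc/net/tcp` table and the per-process `fd` links. The sample table, inode numbers and function names are constructed for illustration, and a little-endian host (such as x86) is assumed when decoding addresses.

```python
import os
import re
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the poster's machine).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 501 1
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 502 1
   2: 0100A8C0:0C0E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 777 1
   3: 0100A8C0:0016 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 640 1
"""

def parse_listeners(text):
    """Return (ip, port, uid, inode) for each socket in LISTEN state (st == 0A)."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":         # established and other states are ignored
            continue
        addr_hex, port_hex = f[1].split(":")
        # The IPv4 address is printed as a host-order hex word; little-endian assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        out.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return out

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, command name)] by walking <proc_root>/<pid>/fd."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:                         # process exited, or insufficient privilege
            continue
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners.setdefault(int(m.group(1)), []).append((int(pid), name))
    return owners

def report(tcp_text, owners):
    """Pair each listener with its owning processes, or None if no process claims it."""
    return [(ip, port, owners.get(inode))
            for ip, port, _uid, inode in parse_listeners(tcp_text)]
```

On a live host, run it as root with `report(open("/proc/net/tcp").read(), socket_owners())`; a listener whose owner comes back as `None` is either a kernel-owned socket or one whose process could not be inspected with the current privileges.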
