port scare
All,
Not long after my last message to the list last night re: open ports, I
was chatting on IRC and got an email message from logcheck re: a system
attack. It appeared from the message that the attack had been
repelled; however, now when I run nmap, I get this:
Interesting ports on localhost (127.0.0.1):
Port State Protocol Service
1 open tcp tcpmux
11 open tcp systat
15 open tcp netstat
22 open tcp ssh
25 open tcp smtp
53 open tcp domain
79 open tcp finger
111 open tcp sunrpc
119 open tcp nntp
143 open tcp imap2
540 open tcp uucp
635 open tcp unknown
1080 open tcp socks
1524 open tcp ingreslock
2000 open tcp callbook
6667 open tcp irc
12345 open tcp NetBus
12346 open tcp NetBus
31337 open tcp Elite
32771 open tcp sometimes-rpc5
32772 open tcp sometimes-rpc7
32773 open tcp sometimes-rpc9
32774 open tcp sometimes-rpc11
What the hell *are* these things and how did they suddenly blast open
after I had shut down all but three? I have changed nothing - and when I
check inetd.conf and the other directories I edited, they are still the
same. Ex: I commented out finger ages ago ... it's still commented out and
yet now there's an open port.
Thx,
Glenn Becker
Online Producer, Community
SCIFI.COM
Reply to: