Re: port scare
Dave,
Wow. As a matter of fact, I *am* running portsentry.
I take it then that running portsentry is not in itself a risk ...
Thanks for helping me avert my own coronary. ":-)
Glenn Becker
Online Producer, Community
SCIFI.COM
At 10:45am on Sun, 18 Feb 2001, Dave Sherohman wrote:
> On Sun, Feb 18, 2001 at 10:32:58AM -0500, Glenn Becker wrote:
> > What the hell *are* these things and how did they suddenly blast open
> > after I had shut down all but three? I have changed nothing - and when I
> > check inetd.conf and the other directories I edited, they are still the
> > same. Ex: I commented out finger ages ago ... it's still commented out and
> > yet now there's an open port.
>
> Well, either
>
> a) You've been cracked in a big way
>
> or
>
> b) You're running portsentry
>
> I suspect that b is the more likely case. portsentry works by listening on
> otherwise unused ports and reporting any attempts to connect to them as
> potential attacks. If you use it and you want to run a meaningful portscan
> on your box, you should shut down portsentry while performing the scan. (One
> of the sysadmins at my last job got an nmap result like that back and just
> about had a heart attack. Then, after half an hour of trying to figure out
> how the box had been cracked, he remembered portsentry...)
>
> --
> SGI products are used to create the 'Bugs' that entertain us in theatres
> and at home. - SGI job posting
> Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
> !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: