[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: port scare


Wow. As a matter of fact, I *am* running portsentry.

I take it then that running portsentry is not in itself a risk ...

Thanks for helping me avert my own coronary. ":-)

Glenn Becker
Online Producer, Community

At 10:45am on Sun, 18 Feb 2001, Dave Sherohman wrote:

> On Sun, Feb 18, 2001 at 10:32:58AM -0500, Glenn Becker wrote:
> > What the hell *are* these things and how did they suddenly blast open
> > after I had shut down all but three? I have changed nothing - and when I
> > check inetd.conf and the other directories I edited, they are still the
> > same. Ex: I commented out finger ages ago ... it's still commented out and
> > yet now there's an open port.
> Well, either
> a)  You've been cracked in a big way
> or 
> b)  You're running portsentry
> I suspect that b is the more likely case.  portsentry works by listening on
> otherwise unused ports and reporting any attempts to connect to them as
> potential attacks.  If you use it and you want to run a meaningful portscan
> on your box, you should shut down portsentry while performing the scan.  (One
> of the sysadmins at my last job got an nmap result like that back and just
> about had a heart attack.  Then, after half an hour of trying to figure out
> how the box had been cracked, he remembered portsentry...)
> -- 
> SGI products are used to create the 'Bugs' that entertain us in theatres
> and at home. - SGI job posting
> Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
> !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: