Re: Security: Compromised?
First you can check which binaries listen on which port.
As root, use the command:
netstat -ap
or probably
netstat -ap | grep LISTEN
P.S. I'm not sure if the -p switch works on Debian. It works on Slackware
7.0 - it should probably work on Debian.
>>>>> "WL" == William Leese <wleese@europe.nl.com> writes:
WL> When running nmap -sT and -sU on my static IP# I get the following
WL> 1/udp open tcpmux
WL> 7/udp open echo
WL> 9/udp open discard
WL> 69/udp open tftp
WL> 161/udp open snmp
WL> 162/udp open snmptrap
WL> 513/udp open who
WL> 635/udp open mount
WL> 640/udp open pcnfs
WL> 641/udp open unknown
WL> 700/udp open unknown
WL> 31337/udp open BackOrifice
WL> 32770/udp open sometimes-rpc4
WL> 32771/udp open sometimes-rpc6
WL> 32772/udp open sometimes-rpc8
WL> 32773/udp open sometimes-rpc10
WL> 32774/udp open sometimes-rpc12
WL> 54321/udp open bo2k
WL> Port State Service
WL> 1/tcp open tcpmux
WL> 11/tcp open systat
WL> 15/tcp open netstat
WL> 79/tcp open finger
WL> 111/tcp open sunrpc
WL> 119/tcp open nntp
WL> 143/tcp open imap2
WL> 540/tcp open uucp
WL> 635/tcp open unknown
WL> 1080/tcp open socks
WL> 1524/tcp open ingreslock
WL> 2000/tcp open callbook
WL> 2401/tcp open cvspserver
WL> 6667/tcp open irc
WL> 12345/tcp open NetBus
WL> 12346/tcp open NetBus
WL> 31337/tcp open Elite
WL> 32771/tcp open sometimes-rpc5
WL> 32772/tcp open sometimes-rpc7
WL> 32773/tcp open sometimes-rpc9
WL> 32774/tcp open sometimes-rpc11
WL> 54320/tcp open bo2k
WL> To me, this doesn't look good. Half of these services I know I do not have
WL> installed, neither do they show up on a ps aux. I'm running tcpwrappers and
WL> portsentry, could this have something to do with it?
--
Ilya Martynov
AGAVA Software Company, http://www.agava.com
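
The check suggested in the reply above, as an added example that is not part of the original message: it maps ports reported by a scan to the program that holds the socket in netstat output. It assumes net-tools `netstat -anp` (numeric ports, so they can be matched by number), and it also matches unconnected UDP sockets, which have no LISTEN state and are dropped by `grep LISTEN`. The function names and the sample netstat output are constructed for illustration and are not output from the poster's machine.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (illustrative only).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:111       0.0.0.0:*         LISTEN      198/portmap
tcp        0      0 0.0.0.0:31337     0.0.0.0:*         LISTEN      402/portsentry
tcp        0      0 10.0.0.5:22       10.0.0.9:40122    ESTABLISHED 611/sshd
udp        0      0 0.0.0.0:69        0.0.0.0:*                     405/portsentry
udp        0      0 0.0.0.0:161       0.0.0.0:*                     405/portsentry'

# owners: read netstat -anp output on stdin and print "PORT/PROTO PROGRAM"
# for each listening TCP socket and each unconnected UDP socket.
owners() {
    awk '
        function emit(proto, prog,   port) {
            port = $4; sub(/.*:/, "", port)   # text after the last colon
            sub(/^[0-9]+\//, "", prog)        # drop the "PID/" prefix
            print port "/" proto, prog        # prog is "-" when not run as root
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" { emit("tcp", $7) }
        $1 ~ /^udp/ && $5 ~ /:\*$/    { emit("udp", $6) }
    ' | sort -u
}

# owner_of PORT/PROTO: read netstat output on stdin, print the owning
# program, or NO-LISTENER when nothing local holds that port.
owner_of() {
    owners | awk -v want="$1" '
        $1 == want { print $2; found = 1 }
        END        { if (!found) print "NO-LISTENER" }'
}

# report NETSTAT_TEXT PORT/PROTO...: one line per scanned port.
report() {
    ns=$1; shift
    for p in "$@"; do
        printf '%s\t%s\n' "$p" "$(printf '%s\n' "$ns" | owner_of "$p")"
    done
}

# On a live system, as root:  netstat -anp | owner_of 31337/tcp
report "$SAMPLE" 111/tcp 31337/tcp 12345/tcp 69/udp 22/tcp
```

A port that the scan shows open but that comes back as NO-LISTENER has no local socket behind it in this output, so the answer is coming from somewhere other than a process netstat can see.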