Rob Weir wrote:
> On Tue, Jan 28, 2003 at 04:43:51PM -0600, Kent West wrote:
>> I just ran the command "sudo nmap -sT -sU localhost" which listed the following:
>> . . .
>> 12345/tcp open NetBus
>> 12346/tcp open NetBus
>> 27665/tcp open Trinoo_Master
>> 31335/udp open Trinoo_Register
>> 31337/tcp open Elite
>> 31337/udp open BackOrifice
>> 32770/udp open sometimes-rpc4
>> . . .
>> Should I be concerned, or is this maybe part of portsentry or something similar?
>
> No idea. nmap, amazing as it is, isn't the only tool you need though. Try running 'netstat -ntuple' to see which programs are actually listening, according to the kernel. Of course, netstat could have been replaced with a trojaned version, and your kernel could have been messed with, but, otherwise it'll show you what programs are listening on your ports...
>
> -rob

Looks like it may just be part of portsentry. Thanks!

westek[westk]:/home/westk> sudo netstat -ntuple
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   User  Inode  PID/Program name
tcp        0      0 0.0.0.0:1        0.0.0.0:*        LISTEN  0     2168   701/portsentry
tcp        0      0 0.0.0.0:20034    0.0.0.0:*        LISTEN  0     2201   701/portsentry
tcp        0      0 0.0.0.0:32771    0.0.0.0:*        LISTEN  0     2207   701/portsentry
tcp        0      0 0.0.0.0:32772    0.0.0.0:*        LISTEN  0     2209   701/portsentry
tcp        0      0 0.0.0.0:40421    0.0.0.0:*        LISTEN  0     2215   701/portsentry
tcp        0      0 0.0.0.0:32773    0.0.0.0:*        LISTEN  0     2211   701/portsentry
tcp        0      0 0.0.0.0:901      0.0.0.0:*        LISTEN  0     496    364/inetd
tcp        0      0 0.0.0.0:32774    0.0.0.0:*        LISTEN  0     2213   701/portsentry
tcp        0      0 0.0.0.0:31337    0.0.0.0:*        LISTEN  0     2205   701/portsentry
tcp        0      0 0.0.0.0:6667     0.0.0.0:*        LISTEN  0     2195   701/portsentry
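
The cross-check discussed in this thread (nmap's port list against the owners reported by 'netstat -ntuple'), as an added example that is not part of the original messages. The function names are hypothetical, the sample data is constructed in the formats shown above, and both inputs are assumed to be saved to text files.

```shell
# Constructed sample data in the formats shown in the thread (not real captures).
sample_nmap() { cat <<'EOF'
12345/tcp open NetBus
31337/tcp open Elite
31337/udp open BackOrifice
901/tcp open samba-swat
4444/tcp open krb524
EOF
}
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 0 2199 701/portsentry
tcp 0 0 0.0.0.0:31337 0.0.0.0:* LISTEN 0 2205 701/portsentry
tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN 0 496 364/inetd
udp 0 0 0.0.0.0:31337 0.0.0.0:* 0 2230 704/portsentry
EOF
}

# correlate NMAP_FILE NETSTAT_FILE (hypothetical helper)
# Prints "port/proto service owner" for every open port nmap reported.
correlate() {
    awk '
    FILENAME == ARGV[1] {                 # first file: netstat listeners
        if ($1 !~ /^(tcp|udp)/) next      # skip the two header lines
        proto = $1; sub(/6$/, "", proto)  # fold tcp6/udp6 into tcp/udp
        port = $4; sub(/.*:/, "", port)   # text after the last colon (IPv6-safe)
        owner[port "/" proto] = $NF       # PID/Program name is the last column
        next
    }
    $2 == "open" {                        # second file: nmap port lines
        key = $1
        print key, $3, ((key in owner) ? owner[key] : "NO-LISTENER-IN-NETSTAT")
    }' "$2" "$1"
}

run_sample() {
    tmp=$(mktemp -d) || return 1
    sample_nmap > "$tmp/nmap.txt"
    sample_netstat > "$tmp/netstat.txt"
    correlate "$tmp/nmap.txt" "$tmp/netstat.txt"
    rm -rf "$tmp"
}
run_sample
```

A NO-LISTENER-IN-NETSTAT line marks a port nmap saw open that netstat did not attribute to any program, which is the case worth investigating with tools from trusted media.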